Solved Virus wreaking havoc on my PC

J

Jules815

Posts: 21   +0
So I was downloading a file on aug 12 and briefly saw a Command window pop up and disappear and just knew in my heart that I had welcomed a virus into my PC. I was right. My computer started acting funny and I had managed to get the XP Security virus. I found some help with it and managed to remove it from my system but my PC has not been the same since...I am fairly certain it did some damage while it was here. Now I get a blue screen after I startup XP displaying a message about a bad Atapi file. I also get random sounds and Google redirects. I did a diagnostic startup running only required services and drivers (no Audio) and my PC was running better than it has since I purchased it. Since I am fairly familiar with computers (no expert but not a beginner) I went through a LOT of forum info and did run all the requested programs listed in the 6 Steps and will post my logs below. I am hoping someone will be able to help me. I have the computer functional (barely) but after a short while it stops responding completely and has to be rebooted (several times a day) I am at a loss and well out of my league.

I appreciate any assistance with this!
 
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7552

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2011 3:19:42 PM
mbam-log-2011-08-24 (15-19-42).txt

Scan type: Quick scan
Objects scanned: 205741
Time elapsed: 41 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} (PUP.LivingPlay) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-24 15:51:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6L080P0 rev.BAJ41G10
Running: pjp1vjsv.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\pwtdapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8AA1D51B
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AA1D51B
Device \Driver\atapi \Device\Ide\IdePort0 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AA1D51B
Device \Driver\atapi \Device\Ide\IdePort1 [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8AA1D51B
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7859B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device 8AADC1E8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A5FF500
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/10/2006 1:32:28 PM
System Uptime: 8/24/2011 4:00:29 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 8.292 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 8.59 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01D51028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP1: 8/14/2011 2:43:42 PM - System Checkpoint
RP2: 8/18/2011 3:48:46 PM - System Checkpoint
RP3: 8/22/2011 8:46:26 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Acoustica MP3 CD Burner
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.4
Adzilla Pro
AI RoboForm (All Users)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Banner Maker Pro Version 7
Bejeweled 2 Deluxe
Bejeweled Blitz
Bing Bar
Bonjour
camerasoft
Canon CanoScan Toolbox 4.9
Canon ScanGear Starter
CloneDVD 4.3.0.3
CoffeeCup Ad Producer
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
CutePDF Writer 2.7
Dell CinePlayer
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Dragon NaturallySpeaking 5.0
Dropbox
EarthLink setup files
eBay Toolbar Featuring Yahoo!
eDATA Unerase
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R260 User's Guide
EPSON Web-To-Page
FloorPlan 3D v11
Free Video to iPhone Converter version 3.2
GoodSync
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterVideo DeviceService
IP Camera
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
LeapFrog Connect
LeapFrog Tag Junior Plugin
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware version 1.51.1.1800
Manual CanoScan LiDE 60
MCU
Memturbo (TM) 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Publishing 2001
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
MobileMe Control Panel
Mozilla Firefox 5.0.1 (x86 en-US)
MP3 Rocket
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
MyPoints Point Finder
Napster
Napster Burn Engine
Napster Label Creator
Network Camera Recorder
NetZeroInstallers
OE-Mail Recovery 1.7
office Convert Pdf to Document Free 5.0
OmniPage SE 2.0
OpenOffice.org 3.1
Palm
Photo Frame Maker 2.8
Plan3D
PopCap Browser Plugin
PowerISO
PrintMaster 12
PrintMaster Gold 3.00
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shockwave
Skype web features
Skype™ 4.1
Snagit 10
Sonic Activation Module
Sonic Update Manager
Stamps.com
Stamps.com Application Support for Microsoft Word 2000-2010
Stamps.com support for Microsoft Word 2000-2010
The Classified Connection Demo
TiVo Desktop
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Total Fonts 2002
TradeManager 2010 Beta1
TwitterBlasterPro
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upromise TurboSaver (remove only)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Userlytics Studio
Viewpoint Media Player
viraltrafficfrenzy Toolbar
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.1.0
WebCyberCoach 3.2 Dell
WebFldrs XP
Winamp
WinAVI Video Converter
Windows Defender
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Windows XP Winter Fun Pack Screensavers
WinRAR archiver
Wisdom-soft ScreenHunter 5.1 Pro
WordPerfect Office 12
Works Suite OS Pack
Works Synchronization
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zero Assumption Digital Image Recovery 1.2
Zero Assumption Recovery Version 8.5
.
==== Event Viewer Messages From Past Week ========
.
8/24/2011 9:59:39 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/24/2011 9:40:11 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
8/24/2011 10:30:10 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/24/2011 10:18:31 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
8/24/2011 10:16:40 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/23/2011 2:26:07 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/23/2011 2:26:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/23/2011 2:25:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/23/2011 2:19:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm SCDEmu ssmdrv
8/23/2011 2:16:09 PM, error: Service Control Manager [7024] - The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).
8/23/2011 2:16:09 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
8/23/2011 1:09:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
 
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by USER at 16:05:33 on 2011-08-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1448 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.optimum.net/Home
uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar =
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: viraltrafficfrenzy Toolbar: {fee90072-01ea-4444-8fca-d460fe44f920} - c:\program files\viraltrafficfrenzy\prxtbvir0.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {96b985b7-3cf9-456a-9db6-791710e60f5f} - c:\program files\mypoints point finder\Helper.dll
uURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: MyPoints Point Finder BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints point finder\Toolbar.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: i5 Browser Button Helper: {74549586-617f-448d-a0b9-332af8fcaf21} - i5 Browser Button Helper
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: {D100785D-979C-4E15-B963-EEFAEC32DE2D} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: viraltrafficfrenzy Toolbar: {fee90072-01ea-4444-8fca-d460fe44f920} - c:\program files\viraltrafficfrenzy\prxtbvir0.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: viraltrafficfrenzy Toolbar: {fee90072-01ea-4444-8fca-d460fe44f920} - c:\program files\viraltrafficfrenzy\prxtbvir0.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints point finder\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {21B3866C-DD0C-4675-A87C-A62BF21366AF} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [8DDYX0ZBPZ] c:\windows\temp\Dl1.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
IE: &Search
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D}
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: about.com\entrepreneurs
Trusted Zone: discount-fuel.com\www
Trusted Zone: musicmatch.com\online
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://cabinetstogo.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {2E062718-4B2D-4926-9E31-36ECB6F4F273} - hxxp://www.worldwinner.com/games/v46/nhltrivia/nhltrivia.cab
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.1.253/JpegInst.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coupons.smartsource.com/download/cscmv5X.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150053432265
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/SCJohnson/Coupons.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v49/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v45/monopoly/monopoly.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://192.168.0.253/MpegInst.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5220/mcfscan.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.253/JpegInst.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\xl6bzh0y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT383545&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - rtnews Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\xl6bzh0y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\xl6bzh0y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\xl6bzh0y.default\extensions\{9e06d377-8c36-46df-9e57-0f6f3f5ee23e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\xl6bzh0y.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npww.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-22 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-22 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-22 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-14 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2006-7-11 857088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-14 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-26 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-14 41272]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 sysid;sysid;c:\windows\system32\drivers\sysid.sys [2008-10-7 6336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== Created Last 30 ================
.
2011-08-14 23:12:29 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:12:22 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 23:12:22 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 16:56:13 81920 -c----w- c:\windows\system32\ieencode.dll
2011-08-14 16:55:13 19569 -c--a-w- c:\windows\000001_.tmp
2011-08-14 16:41:01 -------- dc----w- C:\67b57d973977e51a102a2704ef657488
2011-08-14 14:25:35 -------- dc----w- c:\documents and settings\all users\application data\ErrorEND
2011-08-13 03:25:42 -------- dc----w- c:\program files\opinionsquare
2011-08-12 23:23:37 64512 -csha-r- c:\windows\system32\wbcache2.dll
2011-08-12 20:56:37 40056 -c--a-w- c:\windows\system32\NicInst.dll
2011-08-12 20:56:37 28272 -c--a-w- c:\windows\system32\NicCo2.dll
2011-08-12 20:55:51 73576 -c--a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-08-12 20:55:51 26104 -c--a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-08-12 20:55:51 19968 -c--a-w- c:\windows\Logi_MwX.Exe
2011-08-12 20:50:41 -------- dc----w- c:\documents and settings\all users\Uniblue
2011-08-12 20:02:37 0 -c--a-w- c:\documents and settings\user\local settings\application data\rsqs.exe
2011-08-12 20:02:37 0 -c--a-w- c:\documents and settings\all users\application data\xlqk.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\user\local settings\application data\maka.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\user\local settings\application data\jlpy.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\user\local settings\application data\dsgb.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\all users\application data\ntfw.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\all users\application data\gdie.exe
2011-08-12 20:02:36 0 -c--a-w- c:\documents and settings\all users\application data\echx.exe
2011-08-12 19:50:57 -------- dc-h--w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-12 19:50:57 -------- dc----w- c:\program files\Uniblue
2011-08-12 19:50:39 -------- dc----w- c:\documents and settings\user\local settings\application data\PackageAware
2011-08-12 19:29:16 -------- dc----w- c:\documents and settings\user\local settings\application data\Secunia PSI
2011-08-12 19:26:58 -------- dc----w- c:\program files\Secunia
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\user\local settings\application data\vcgl.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\user\local settings\application data\qoeu.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\user\local settings\application data\lcqe.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\all users\application data\mucp.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\all users\application data\lxhy.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\all users\application data\ikdm.exe
2011-08-11 15:22:33 0 -c--a-w- c:\documents and settings\all users\application data\csem.exe
2011-08-11 15:22:32 0 -c--a-w- c:\documents and settings\user\local settings\application data\ubwe.exe
2011-08-10 12:11:10 6881616 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{32e8e6be-be33-4f9c-8ac0-ed8cfb6abb05}\mpengine.dll
2011-08-01 14:02:10 2106216 -c--a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-01 14:02:10 1998168 -c--a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-07-26 18:42:44 -------- dc----w- c:\program files\iPod
2011-07-26 18:42:35 -------- dc----w- c:\program files\iTunes
2011-07-26 18:33:55 -------- dc----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-08-22 17:49:05 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 20:56:37 35424 -c--a-w- c:\windows\system32\e100bmsg.dll
2011-08-12 20:56:37 165496 -c--a-w- c:\windows\system32\drivers\e100b325.sys
2011-08-04 00:03:24 72080 -c--a-w- c:\documents and settings\user\g2mdlhlpx.exe
2011-07-15 13:29:31 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20:54 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02:00 10496 -c--a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 22:25:21 66616 -c--a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-24 14:10:36 139656 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 -c--a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 -c--a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 -c--a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L080P0 rev.BAJ41G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA1C6D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa229d0]; MOV EAX, [0x8aa22a4c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8AB42AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A9D1608]
\Driver\atapi[0x8AAAEB60] -> IRP_MJ_CREATE -> 0x8AA1C6D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AA1C51B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:08:34.20 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Broni thank you so much for your help with this!

2011/08/24 23:06:37.0671 3832 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 23:06:38.0031 3832 ================================================================================
2011/08/24 23:06:38.0031 3832 SystemInfo:
2011/08/24 23:06:38.0031 3832
2011/08/24 23:06:38.0031 3832 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/24 23:06:38.0031 3832 Product type: Workstation
2011/08/24 23:06:38.0031 3832 ComputerName: OFFICE
2011/08/24 23:06:38.0031 3832 UserName: USER
2011/08/24 23:06:38.0031 3832 Windows directory: C:\WINDOWS
2011/08/24 23:06:38.0031 3832 System windows directory: C:\WINDOWS
2011/08/24 23:06:38.0031 3832 Processor architecture: Intel x86
2011/08/24 23:06:38.0031 3832 Number of processors: 1
2011/08/24 23:06:38.0031 3832 Page size: 0x1000
2011/08/24 23:06:38.0031 3832 Boot type: Normal boot
2011/08/24 23:06:38.0031 3832 ================================================================================
2011/08/24 23:06:40.0453 3832 Initialize success
2011/08/24 23:06:43.0500 3680 ================================================================================
2011/08/24 23:06:43.0500 3680 Scan started
2011/08/24 23:06:43.0500 3680 Mode: Manual;
2011/08/24 23:06:43.0500 3680 ================================================================================
2011/08/24 23:06:44.0859 3680 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/24 23:06:44.0953 3680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/24 23:06:45.0093 3680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/24 23:06:45.0218 3680 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/24 23:06:45.0359 3680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/24 23:06:45.0515 3680 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/08/24 23:06:45.0609 3680 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/24 23:06:45.0796 3680 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/24 23:06:45.0890 3680 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/24 23:06:46.0000 3680 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/24 23:06:46.0109 3680 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/24 23:06:46.0171 3680 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/24 23:06:46.0328 3680 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/24 23:06:46.0437 3680 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/24 23:06:46.0515 3680 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/24 23:06:46.0625 3680 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/24 23:06:46.0750 3680 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/24 23:06:46.0859 3680 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/24 23:06:47.0046 3680 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/24 23:06:47.0140 3680 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/08/24 23:06:47.0343 3680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/24 23:06:47.0437 3680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/24 23:06:47.0656 3680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/24 23:06:47.0765 3680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/24 23:06:47.0921 3680 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/24 23:06:48.0046 3680 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/24 23:06:48.0203 3680 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/24 23:06:48.0296 3680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/24 23:06:48.0453 3680 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/08/24 23:06:48.0578 3680 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/24 23:06:48.0703 3680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/24 23:06:48.0812 3680 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/24 23:06:48.0906 3680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/24 23:06:49.0093 3680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/24 23:06:49.0203 3680 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/24 23:06:49.0312 3680 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/24 23:06:49.0421 3680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/24 23:06:49.0609 3680 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/24 23:06:49.0781 3680 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/24 23:06:49.0890 3680 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/24 23:06:50.0046 3680 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/24 23:06:50.0218 3680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/24 23:06:50.0390 3680 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/08/24 23:06:50.0468 3680 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/08/24 23:06:50.0515 3680 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/08/24 23:06:50.0671 3680 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/08/24 23:06:50.0750 3680 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/08/24 23:06:50.0812 3680 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/08/24 23:06:50.0968 3680 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/08/24 23:06:51.0093 3680 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/08/24 23:06:51.0171 3680 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/08/24 23:06:51.0343 3680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/24 23:06:51.0515 3680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/24 23:06:51.0656 3680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/24 23:06:51.0781 3680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/24 23:06:51.0921 3680 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/24 23:06:52.0078 3680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/24 23:06:52.0765 3680 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/08/24 23:06:53.0281 3680 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/08/24 23:06:53.0640 3680 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/08/24 23:06:53.0828 3680 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/08/24 23:06:53.0953 3680 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/24 23:06:54.0093 3680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/24 23:06:54.0265 3680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/24 23:06:54.0343 3680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/24 23:06:54.0468 3680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/24 23:06:54.0593 3680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/24 23:06:54.0718 3680 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2011/08/24 23:06:54.0890 3680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/24 23:06:54.0953 3680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/24 23:06:55.0140 3680 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/24 23:06:55.0281 3680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/24 23:06:55.0390 3680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/24 23:06:55.0453 3680 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/24 23:06:55.0609 3680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/24 23:06:55.0718 3680 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/24 23:06:55.0890 3680 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/24 23:06:56.0031 3680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/24 23:06:56.0171 3680 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/08/24 23:06:56.0343 3680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/24 23:06:56.0500 3680 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/24 23:06:56.0640 3680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/24 23:06:56.0750 3680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/24 23:06:56.0875 3680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/24 23:06:57.0015 3680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/24 23:06:57.0125 3680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/24 23:06:57.0218 3680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/24 23:06:57.0296 3680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/24 23:06:57.0468 3680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/24 23:06:57.0562 3680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/24 23:06:57.0703 3680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/24 23:06:57.0796 3680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/24 23:06:57.0890 3680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/24 23:06:58.0093 3680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/24 23:06:58.0359 3680 LHidFlt2 (360beca015f67deba9490e204849180e) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/08/24 23:06:58.0484 3680 LMouFlt2 (d8af21830fcd3292617fb798a8538573) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/08/24 23:06:58.0593 3680 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/24 23:06:59.0125 3680 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/24 23:06:59.0515 3680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/24 23:06:59.0625 3680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/24 23:06:59.0765 3680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/24 23:06:59.0859 3680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/24 23:07:00.0031 3680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/24 23:07:00.0140 3680 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/24 23:07:00.0265 3680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/24 23:07:00.0437 3680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/24 23:07:00.0671 3680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/24 23:07:00.0750 3680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/24 23:07:00.0828 3680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/24 23:07:00.0984 3680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/24 23:07:01.0078 3680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/24 23:07:01.0171 3680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/24 23:07:01.0343 3680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/24 23:07:01.0468 3680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/24 23:07:01.0593 3680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/24 23:07:01.0671 3680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/24 23:07:01.0765 3680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/24 23:07:02.0046 3680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/24 23:07:02.0125 3680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/24 23:07:02.0343 3680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/24 23:07:02.0453 3680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/24 23:07:02.0656 3680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/24 23:07:02.0781 3680 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/24 23:07:03.0359 3680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/24 23:07:03.0437 3680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/24 23:07:03.0656 3680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/24 23:07:03.0734 3680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/24 23:07:03.0812 3680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/24 23:07:04.0062 3680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/24 23:07:04.0203 3680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/24 23:07:04.0328 3680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/24 23:07:04.0468 3680 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/08/24 23:07:04.0828 3680 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/24 23:07:05.0031 3680 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/24 23:07:05.0234 3680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/24 23:07:05.0328 3680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/24 23:07:05.0484 3680 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/08/24 23:07:05.0546 3680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/24 23:07:05.0625 3680 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/24 23:07:05.0765 3680 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/24 23:07:05.0875 3680 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/24 23:07:05.0968 3680 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/24 23:07:06.0062 3680 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/24 23:07:06.0156 3680 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/24 23:07:06.0281 3680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/24 23:07:06.0375 3680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/24 23:07:06.0500 3680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/24 23:07:06.0578 3680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/24 23:07:06.0671 3680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/24 23:07:06.0796 3680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/24 23:07:07.0078 3680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/24 23:07:07.0343 3680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/24 23:07:07.0468 3680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/24 23:07:07.0593 3680 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/24 23:07:07.0718 3680 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/08/24 23:07:07.0937 3680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/24 23:07:08.0093 3680 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/08/24 23:07:08.0328 3680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/24 23:07:08.0406 3680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/24 23:07:08.0609 3680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/24 23:07:08.0781 3680 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/24 23:07:09.0062 3680 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2011/08/24 23:07:09.0437 3680 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/24 23:07:09.0562 3680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/24 23:07:09.0687 3680 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/24 23:07:09.0687 3680 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/24 23:07:09.0718 3680 sptd - detected LockedFile.Multi.Generic (1)
2011/08/24 23:07:09.0859 3680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/24 23:07:10.0000 3680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/24 23:07:10.0171 3680 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/24 23:07:10.0328 3680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/24 23:07:10.0390 3680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/24 23:07:10.0531 3680 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/24 23:07:10.0640 3680 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/24 23:07:10.0750 3680 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/24 23:07:10.0828 3680 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/24 23:07:10.0984 3680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/24 23:07:11.0078 3680 sysid (b69dad08e137341495b7edb412f20dbf) C:\WINDOWS\System32\drivers\sysid.sys
2011/08/24 23:07:11.0250 3680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/24 23:07:11.0468 3680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/24 23:07:11.0593 3680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/24 23:07:11.0671 3680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/24 23:07:11.0859 3680 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/08/24 23:07:11.0984 3680 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/24 23:07:12.0156 3680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/24 23:07:12.0265 3680 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/24 23:07:12.0421 3680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/24 23:07:12.0671 3680 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/24 23:07:12.0765 3680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/24 23:07:12.0921 3680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/24 23:07:13.0015 3680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/24 23:07:13.0125 3680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/24 23:07:13.0328 3680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/24 23:07:13.0390 3680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/24 23:07:13.0453 3680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/24 23:07:13.0531 3680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/24 23:07:13.0687 3680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/24 23:07:13.0796 3680 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/24 23:07:14.0062 3680 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/24 23:07:14.0171 3680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/24 23:07:14.0468 3680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/24 23:07:14.0718 3680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/24 23:07:14.0984 3680 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
2011/08/24 23:07:15.0000 3680 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/24 23:07:15.0015 3680 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR5
2011/08/24 23:07:15.0062 3680 Boot (0x1200) (29f1eec0ad15c4a5da2b96899238cace) \Device\Harddisk0\DR0\Partition0
2011/08/24 23:07:15.0109 3680 Boot (0x1200) (c966739137c87bf51fa0c3cf9aed733e) \Device\Harddisk0\DR0\Partition1
2011/08/24 23:07:15.0140 3680 Boot (0x1200) (d30e4b9b031a36673b28559510ea8153) \Device\Harddisk1\DR5\Partition0
2011/08/24 23:07:15.0140 3680 ================================================================================
2011/08/24 23:07:15.0140 3680 Scan finished
2011/08/24 23:07:15.0140 3680 ================================================================================
2011/08/24 23:07:15.0187 3980 Detected object count: 2
2011/08/24 23:07:15.0187 3980 Actual detected object count: 2
2011/08/24 23:07:32.0468 3980 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/24 23:07:32.0500 3980 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/24 23:07:32.0500 3980 \Device\Harddisk0\DR0 - ok
2011/08/24 23:07:32.0500 3980 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/24 23:07:41.0937 3580 Deinitialize success
 
Very well :)

Is computer doing better?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks Broni, yes a bit better already haven't been redirected online since yesterday...I still get redirected when I try to open any site from a Google Search though. I did have to Uninstall Avira before ComboFix would run but I have not re-installed it per your instructions not to download anything else...otherwise all went smooth here are the logs:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF74EC000 PCI_NTPNP0690 958464 bytes
0xF74EC000 sptd.sys 958464 bytes
0xBF070000 C:\WINDOWS\System32\ialmdd5.DLL 901120 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xB9013000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 831488 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB8E66000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAF7A9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8DE0000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAF92E000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF14C000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA342D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8F3D000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF040000 C:\WINDOWS\System32\ialmdev5.DLL 196608 bytes (Intel Corporation, Component GHAL Driver)
0xF74A6000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7A0B000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA32EF000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF841000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAF906000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAF75C000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB8FB4000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xAF783000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA3C04000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB8F19000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8FDB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8F7D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAF8E4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7830000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 131072 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7868000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7B38000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7850000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA3BBF000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF74D4000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA3716000 C:\WINDOWS\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0xA3BED000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF7A38000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8E4F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA3BD7000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA3BA9000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF795F000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA3B1C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8FA0000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB8FFF000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAF987000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7975000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xACFE9000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 69632 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF7495000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8E3E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAFE54000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9FDC000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB9FFC000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA725000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA735000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF76B7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7445000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA715000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7617000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA6E5000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7687000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7887000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9FEC000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7607000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA705000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xAE258000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7485000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7647000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA6D5000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA339A000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7627000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAE2C8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA00C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA34D6000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA6F5000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7405000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA06C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7777000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0xF7787000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7817000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7727000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF776F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAD443000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xAF894000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB01BB000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB018B000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77F7000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF777F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7807000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7797000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF779F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAD44B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA35BE000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xAD294000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xAF874000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xAD2A0000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA7CC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xABE2A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7E4000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB8341000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA5239000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA76F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA773000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xAF87C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7DC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA360E000 C:\WINDOWS\system32\DRIVERS\psi_mf.sys 12288 bytes (Secunia, Secunia PSI Driver)
0xBA76B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA413C000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
0xF7995000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF798D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79E7000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF7A09000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xA4136000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xB9DFF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF798F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7991000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79E9000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79EB000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB9E03000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB9DF6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7A66000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7A68000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7AB8000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8026000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A69000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8AADC1E8 unknown_irp_handler 3608 bytes
0x8A9631E8 unknown_irp_handler 3608 bytes
0x8A97C1E8 unknown_irp_handler 3608 bytes
0x8AB4C1E8 unknown_irp_handler 3608 bytes
0x8A8BD1E8 unknown_irp_handler 3608 bytes
0x8A40C688 unknown_irp_handler 2424 bytes
0x8A34D790 unknown_irp_handler 2160 bytes
0x8A405790 unknown_irp_handler 2160 bytes
0x8A44A790 unknown_irp_handler 2160 bytes
0x8A5D5790 unknown_irp_handler 2160 bytes
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [tmcomm.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [afc.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [packet.sys]
WARNING: Virus alike driver modification [wsp_pkt.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [avipbb.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [hnm_wrls_pkt.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [kbdhid.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [psi_mf.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [e100b325.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [FlyUsb.sys]
WARNING: Virus alike driver modification [i2omp.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [usbuhci.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [avgntmgr.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [DLARTL_N.SYS]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [smwdm.sys]
WARNING: Virus alike driver modification [LHidFlt2.Sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [usbstor.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [http.sys]
WARNING: Virus alike driver modification [GEARAspiWDM.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [ssmdrv.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [scdemu.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [srv.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [DRVNDDM.SYS]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [ndproxy.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [usbaapl.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [pcouffin.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [BVRPMPR5.SYS]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [avgntdd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [dmusic.sys]
WARNING: Virus alike driver modification [dsunidrv.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [viaide.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [DLACDBHM.SYS]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [USBAUDIO.sys]
WARNING: Virus alike driver modification [drmk.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [sysid.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [avgntflt.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [senfilt.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [LMouFlt2.Sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [ialmnt5.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [asctrm.sys]
WARNING: Virus alike driver modification [i2omgmt.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [DRVMCDB.SYS]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
WARNING: Virus alike driver modification [atapi1.sys]
 
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-25 08:17:14
-----------------------------
08:17:14.937 OS Version: Windows 5.1.2600 Service Pack 3
08:17:14.937 Number of processors: 1 586 0x409
08:17:14.937 ComputerName: OFFICE UserName: USER
08:17:15.656 Initialize success
08:17:32.203 AVAST engine defs: 11082401
08:17:37.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:17:37.796 Disk 0 Vendor: Maxtor_6L080P0 BAJ41G10 Size: 76293MB BusType: 3
08:17:39.843 Disk 0 MBR read successfully
08:17:39.843 Disk 0 MBR scan
08:17:39.890 Disk 0 unknown MBR code
08:17:39.906 Disk 0 scanning sectors +156248190
08:17:40.000 Disk 0 scanning C:\WINDOWS\system32\drivers
08:18:08.078 Service scanning
08:18:09.140 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:18:09.765 Modules scanning
08:18:23.500 Disk 0 trace - called modules:
08:18:23.531 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x8aafe8ac]<<
08:18:23.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab1ab8]
08:18:23.578 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ab46d98]
08:18:23.984 AVAST engine scan C:\WINDOWS
08:18:37.203 AVAST engine scan C:\WINDOWS\system32
08:23:40.828 AVAST engine scan C:\WINDOWS\system32\drivers
08:24:21.156 AVAST engine scan C:\Documents and Settings\USER
08:46:48.593 AVAST engine scan C:\Documents and Settings\All Users
08:54:01.812 Scan finished successfully
08:54:24.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\Desktop\MBR.dat"
08:54:24.531 The log file has been saved successfully to "C:\Documents and Settings\USER\Desktop\aswMBR.txt"

_____________________________________________________

ComboFix 11-08-24.06 - USER 08/25/2011 9:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1623 [GMT -4:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\USER\Application Data\inst.exe
c:\documents and settings\USER\g2mdlhlpx.exe
c:\documents and settings\USER\Local Settings\Application Data\dsgb.exe
c:\documents and settings\USER\Local Settings\Application Data\ie_runner_app.exe
c:\documents and settings\USER\Local Settings\Application Data\jlpy.exe
c:\documents and settings\USER\Local Settings\Application Data\lcqe.exe
c:\documents and settings\USER\Local Settings\Application Data\maka.exe
c:\documents and settings\USER\Local Settings\Application Data\qoeu.exe
c:\documents and settings\USER\Local Settings\Application Data\rsqs.exe
c:\documents and settings\USER\Local Settings\Application Data\ubwe.exe
c:\documents and settings\USER\Local Settings\Application Data\vcgl.exe
c:\documents and settings\USER\My Documents\~WRL0001.tmp
c:\documents and settings\USER\My Documents\~WRL0004.tmp
c:\documents and settings\USER\My Documents\~WRL0698.tmp
c:\documents and settings\USER\My Documents\~WRL2379.tmp
c:\documents and settings\USER\My Documents\5031.doc
c:\documents and settings\USER\WINDOWS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\comct332.ocx
c:\windows\system32\office.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 )))))))))))))))))))))))))))))))
.
.
2011-08-14 23:12 . 2011-07-06 23:52 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:12 . 2011-08-14 23:12 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 23:12 . 2011-07-06 23:52 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 16:56 . 2008-04-14 09:41 81920 -c----w- c:\windows\system32\ieencode.dll
2011-08-14 16:55 . 2006-12-29 04:31 19569 -c--a-w- c:\windows\000001_.tmp
2011-08-14 16:41 . 2011-08-14 16:42 -------- dc----w- C:\67b57d973977e51a102a2704ef657488
2011-08-14 14:25 . 2011-08-14 14:25 -------- dc----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-08-13 03:25 . 2011-08-13 03:25 -------- dc----w- c:\program files\opinionsquare
2011-08-12 23:23 . 2011-08-12 23:23 64512 -csha-r- c:\windows\system32\wbcache2.dll
2011-08-12 20:56 . 2011-08-12 20:56 40056 -c--a-w- c:\windows\system32\NicInst.dll
2011-08-12 20:56 . 2011-08-12 20:56 28272 -c--a-w- c:\windows\system32\NicCo2.dll
2011-08-12 20:55 . 2011-08-12 20:55 73576 -c--a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-08-12 20:55 . 2011-08-12 20:55 26104 -c--a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-08-12 20:55 . 2011-08-12 20:55 19968 -c--a-w- c:\windows\Logi_MwX.Exe
2011-08-12 20:50 . 2011-08-12 20:50 -------- dc----w- c:\documents and settings\All Users\Uniblue
2011-08-12 20:44 . 2011-08-12 20:45 -------- dc----w- c:\documents and settings\Administrator
2011-08-12 20:02 . 2011-08-12 20:02 0 -c--a-w- c:\documents and settings\All Users\Application Data\xlqk.exe
2011-08-12 20:02 . 2011-08-12 20:02 0 -c--a-w- c:\documents and settings\All Users\Application Data\ntfw.exe
2011-08-12 20:02 . 2011-08-12 20:02 0 -c--a-w- c:\documents and settings\All Users\Application Data\gdie.exe
2011-08-12 20:02 . 2011-08-12 20:02 0 -c--a-w- c:\documents and settings\All Users\Application Data\echx.exe
2011-08-12 19:50 . 2011-08-23 18:24 -------- dc----w- c:\program files\Uniblue
2011-08-12 19:50 . 2011-08-12 19:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-12 19:50 . 2011-08-12 19:50 -------- dc----w- c:\documents and settings\USER\Local Settings\Application Data\PackageAware
2011-08-12 19:29 . 2011-08-12 19:29 -------- dc----w- c:\documents and settings\USER\Local Settings\Application Data\Secunia PSI
2011-08-12 19:26 . 2011-08-12 19:26 -------- dc----w- c:\program files\Secunia
2011-08-11 21:57 . 2011-08-11 21:57 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-08-11 21:45 . 2011-08-11 21:46 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-11 15:22 . 2011-08-11 15:22 0 -c--a-w- c:\documents and settings\All Users\Application Data\mucp.exe
2011-08-11 15:22 . 2011-08-11 15:22 0 -c--a-w- c:\documents and settings\All Users\Application Data\lxhy.exe
2011-08-11 15:22 . 2011-08-11 15:22 0 -c--a-w- c:\documents and settings\All Users\Application Data\ikdm.exe
2011-08-11 15:22 . 2011-08-11 15:22 0 -c--a-w- c:\documents and settings\All Users\Application Data\csem.exe
2011-08-10 12:11 . 2011-07-13 03:39 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{32E8E6BE-BE33-4F9C-8AC0-ED8CFB6ABB05}\mpengine.dll
2011-08-01 14:02 . 2010-01-01 08:00 2106216 -c--a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-01 14:02 . 2010-01-01 08:00 1998168 -c--a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-26 18:42 . 2011-07-26 18:42 -------- dc----w- c:\program files\iPod
2011-07-26 18:42 . 2011-07-26 18:44 -------- dc----w- c:\program files\iTunes
2011-07-26 18:33 . 2011-07-26 18:33 -------- dc----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 17:49 . 2011-05-14 14:04 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 22:56 . 2010-10-16 15:47 10240 -c--a-r- c:\documents and settings\USER\Application Data\Microsoft\Installer\{92DE00D8-87E0-4ED0-A94E-AC3443828D53}\Icon92DE00D8.exe
2011-08-12 20:56 . 2006-05-11 12:58 35424 -c--a-w- c:\windows\system32\e100bmsg.dll
2011-08-12 20:56 . 2004-08-10 17:59 165496 -c--a-w- c:\windows\system32\drivers\e100b325.sys
2011-07-15 13:29 . 2006-05-11 12:57 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2009-03-31 20:45 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 -c--a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 -c--a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 -c--a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 -c--a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-04-13 14:37 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fee90072-01ea-4444-8fca-d460fe44f920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Point Finder\Helper.dll" [2011-03-30 357376]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2011-03-30 13:13 1538048 -c--a-w- c:\program files\MyPoints Point Finder\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 -c--a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fee90072-01ea-4444-8fca-d460fe44f920}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\viraltrafficfrenzy\prxtbvir0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{fee90072-01ea-4444-8fca-d460fe44f920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2011-03-30 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{FEE90072-01EA-4444-8FCA-D460FE44F920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Point Finder\Toolbar.dll" [2011-03-30 1538048]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\USER\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Memturbo 4\MemTurbo.exe [2009-6-13 2314752]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-05-17 17:29 395144 -c--a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 14:55 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-03-19 15:12 632048 -c--a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2011-08-12 20:55 19968 -c--a-w- c:\windows\Logi_MwX.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 -c--a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Tray]
2010-12-14 15:10 241360 -c--a-w- c:\program files\Upromise\UpromiseTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update]
2010-12-02 19:22 175800 -c--a-w- c:\program files\Upromise\dca-ua.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Pro]
2010-05-10 16:09 5634560 -c--a-w- c:\program files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\MyPoints Point Finder\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Point Finder\\ToolbarUpdate.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/29/2009 12:11 PM 685816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 7:12 PM 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/11/2006 8:22 AM 857088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 7:12 PM 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 6:53 PM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [3/15/2011 10:27 PM 183560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 11:26 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 6:53 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/14/2011 7:12 PM 41272]
S3 sysid;sysid;c:\windows\system32\drivers\sysid.sys [10/7/2008 12:05 PM 6336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
terlfsc REG_MULTI_SZ TermServices
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 -c--a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:52]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:52]
.
2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-08-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 17:29]
.
2011-08-25 c:\windows\Tasks\User_Feed_Synchronization-{A17FAAF1-5649-488B-A8D5-E1386C59E2C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} -
Trusted Zone: about.com\entrepreneurs
Trusted Zone: discount-fuel.com\www
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.1.1
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://192.168.0.253/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.253/JpegInst.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT383545&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - rtnews Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{74549586-617F-448D-A0B9-332AF8FCAF21} - (no file)
BHO-{D100785D-979C-4E15-B963-EEFAEC32DE2D} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-teldvw32 - (no file)
Notify-terlfsvses - (no file)
MSConfigStartUp-3314072689 - c:\documents and settings\USER\Local Settings\Application Data\owi.exe
MSConfigStartUp-590945864 - c:\documents and settings\USER\Local Settings\Application Data\ccq.exe
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-PowerSuite - c:\progra~1\Uniblue\POWERS~1\launcher.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 09:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\USER\Application Data\Dropbox\shellext\l\4e565671 124 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WININET.dll
c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2011-08-25 10:08:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-25 14:08
.
Pre-Run: 8,814,698,496 bytes free
Post-Run: 9,380,950,016 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 30169CCC4568FF8191EB15AF155C1B5C
 
Uninstall Ask Toolbar, typical foistware.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\wbcache2.dll
c:\documents and settings\All Users\Application Data\xlqk.exe
c:\documents and settings\All Users\Application Data\ntfw.exe
c:\documents and settings\All Users\Application Data\gdie.exe
c:\documents and settings\All Users\Application Data\echx.exe
c:\documents and settings\All Users\Application Data\csem.exe
c:\documents and settings\All Users\Application Data\ikdm.exe
c:\documents and settings\All Users\Application Data\lxhy.exe
c:\documents and settings\All Users\Application Data\mucp.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job


Folder::
c:\documents and settings\All Users\Uniblue


DDS::
Trusted Zone: about.com\entrepreneurs
Trusted Zone: discount-fuel.com\www
Trusted Zone: musicmatch.com\online

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 11-08-25.03 - USER 08/25/2011 21:43:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1559 [GMT -4:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\documents and settings\All Users\Application Data\csem.exe"
"c:\documents and settings\All Users\Application Data\echx.exe"
"c:\documents and settings\All Users\Application Data\gdie.exe"
"c:\documents and settings\All Users\Application Data\ikdm.exe"
"c:\documents and settings\All Users\Application Data\lxhy.exe"
"c:\documents and settings\All Users\Application Data\mucp.exe"
"c:\documents and settings\All Users\Application Data\ntfw.exe"
"c:\documents and settings\All Users\Application Data\xlqk.exe"
"c:\windows\system32\wbcache2.dll"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\csem.exe
c:\documents and settings\All Users\Application Data\echx.exe
c:\documents and settings\All Users\Application Data\gdie.exe
c:\documents and settings\All Users\Application Data\ikdm.exe
c:\documents and settings\All Users\Application Data\lxhy.exe
c:\documents and settings\All Users\Application Data\mucp.exe
c:\documents and settings\All Users\Application Data\ntfw.exe
c:\documents and settings\All Users\Application Data\xlqk.exe
c:\documents and settings\All Users\Uniblue
c:\documents and settings\USER\Local Settings\Application Data\ie_runner_app.exe
c:\windows\system32\wbcache2.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-25 15:14 . 2004-08-04 10:00 185344 -c--a-w- c:\windows\system32\Thawbrkr.dll
2011-08-25 15:14 . 2004-08-04 10:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2011-08-25 15:14 . 2004-08-04 10:00 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll
2011-08-25 15:14 . 2004-08-04 10:00 10752 -c--a-w- c:\windows\system32\c_iscii.dll
2011-08-25 15:14 . 2004-08-04 10:00 5632 -c--a-w- c:\windows\system32\kbdusa.dll
2011-08-25 15:14 . 2004-08-04 10:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdusa.dll
2011-08-25 15:13 . 2004-08-04 10:00 6144 -c--a-w- c:\windows\system32\ftlx041e.dll
2011-08-25 15:13 . 2004-08-04 10:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2011-08-14 23:12 . 2011-07-06 23:52 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-14 23:12 . 2011-08-14 23:12 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-14 23:12 . 2011-07-06 23:52 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-08-14 16:56 . 2008-04-14 09:41 81920 -c----w- c:\windows\system32\ieencode.dll
2011-08-14 16:55 . 2006-12-29 04:31 19569 -c--a-w- c:\windows\000001_.tmp
2011-08-14 16:41 . 2011-08-14 16:42 -------- dc----w- C:\67b57d973977e51a102a2704ef657488
2011-08-14 14:25 . 2011-08-14 14:25 -------- dc----w- c:\documents and settings\All Users\Application Data\ErrorEND
2011-08-13 03:25 . 2011-08-13 03:25 -------- dc----w- c:\program files\opinionsquare
2011-08-12 20:56 . 2011-08-12 20:56 40056 -c--a-w- c:\windows\system32\NicInst.dll
2011-08-12 20:56 . 2011-08-12 20:56 28272 -c--a-w- c:\windows\system32\NicCo2.dll
2011-08-12 20:55 . 2011-08-12 20:55 73576 -c--a-w- c:\windows\system32\drivers\LMouFlt2.Sys
2011-08-12 20:55 . 2011-08-12 20:55 26104 -c--a-w- c:\windows\system32\drivers\LHidFlt2.Sys
2011-08-12 20:55 . 2011-08-12 20:55 19968 -c--a-w- c:\windows\Logi_MwX.Exe
2011-08-12 20:44 . 2011-08-12 20:45 -------- dc----w- c:\documents and settings\Administrator
2011-08-12 19:50 . 2011-08-23 18:24 -------- dc----w- c:\program files\Uniblue
2011-08-12 19:50 . 2011-08-12 19:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-12 19:50 . 2011-08-12 19:50 -------- dc----w- c:\documents and settings\USER\Local Settings\Application Data\PackageAware
2011-08-12 19:29 . 2011-08-12 19:29 -------- dc----w- c:\documents and settings\USER\Local Settings\Application Data\Secunia PSI
2011-08-12 19:26 . 2011-08-12 19:26 -------- dc----w- c:\program files\Secunia
2011-08-11 21:57 . 2011-08-11 21:57 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-08-11 21:45 . 2011-08-11 21:46 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-10 12:11 . 2011-07-13 03:39 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{32E8E6BE-BE33-4F9C-8AC0-ED8CFB6ABB05}\mpengine.dll
2011-08-01 14:02 . 2010-01-01 08:00 2106216 -c--a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-01 14:02 . 2010-01-01 08:00 1998168 -c--a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-22 17:49 . 2011-05-14 14:04 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 22:56 . 2010-10-16 15:47 10240 -c--a-r- c:\documents and settings\USER\Application Data\Microsoft\Installer\{92DE00D8-87E0-4ED0-A94E-AC3443828D53}\Icon92DE00D8.exe
2011-08-12 20:56 . 2006-05-11 12:58 35424 -c--a-w- c:\windows\system32\e100bmsg.dll
2011-08-12 20:56 . 2004-08-10 17:59 165496 -c--a-w- c:\windows\system32\drivers\e100b325.sys
2011-07-15 13:29 . 2006-05-11 12:57 456320 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2009-03-31 20:45 6881616 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-07-12 15:20 . 2011-07-12 15:20 83816 -c--a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 -c--a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2004-08-10 17:51 10496 -c--a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2004-08-10 18:01 139656 -c--a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-10 17:51 916480 -c--a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2004-08-10 17:51 43520 -c----w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2004-08-10 17:51 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-10 17:51 385024 -c--a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2004-08-10 17:51 293376 -c--a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-10 17:51 1858944 -c--a-w- c:\windows\system32\win32k.sys
2011-07-08 07:16 . 2011-04-13 14:37 142296 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-25_13.58.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 17:04 . 2011-08-25 17:04 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2007-01-29 08:58 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2008-09-20 15:28 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040d.dll
+ 2008-09-20 15:28 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0401.dll
+ 2008-09-20 15:28 . 2007-04-02 18:26 19456 c:\windows\msagent\intl\agt040d.dll
+ 2008-09-20 15:28 . 2007-04-02 18:25 19456 c:\windows\msagent\intl\agt0401.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdvntc.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdurdu.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\kbdth3.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\kbdth2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdth1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdth0.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdsyr2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdsyr1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdintel.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdintam.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\kbdinpun.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdinmar.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdinkan.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdinhin.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdinguj.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdindev.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdheb.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\kbdgeo.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbdfa.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbddiv2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbddiv1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\kbdarmw.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\kbdarme.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbda3.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbda2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\kbda1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdvntc.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdurdu.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\dllcache\kbdth3.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\dllcache\kbdth2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdth1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdth0.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdsyr2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdsyr1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdintel.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdintam.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 6144 c:\windows\system32\dllcache\kbdinpun.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdinmar.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdinkan.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdinhin.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdinguj.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdindev.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdheb.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\dllcache\kbdgeo.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbdfa.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbddiv2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbddiv1.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\dllcache\kbdarmw.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5120 c:\windows\system32\dllcache\kbdarme.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbda3.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbda2.dll
+ 2004-08-10 17:40 . 2004-08-04 10:00 5632 c:\windows\system32\dllcache\kbda1.dll
+ 2004-08-10 17:57 . 2011-08-25 15:18 875944 c:\windows\system32\FNTCACHE.DAT
+ 2008-09-20 15:33 . 2009-07-31 14:05 1372672 c:\windows\system32\msxml6.dll
+ 2008-09-20 15:33 . 2009-07-31 14:05 1372672 c:\windows\system32\dllcache\msxml6.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fee90072-01ea-4444-8fca-d460fe44f920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fee90072-01ea-4444-8fca-d460fe44f920}]
2011-01-17 14:54 175912 -c--a-w- c:\program files\viraltrafficfrenzy\prxtbvir0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{fee90072-01ea-4444-8fca-d460fe44f920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FEE90072-01EA-4444-8FCA-D460FE44F920}"= "c:\program files\viraltrafficfrenzy\prxtbvir0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{fee90072-01ea-4444-8fca-d460fe44f920}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\USER\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Memturbo 4\MemTurbo.exe [2009-6-13 2314752]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-05-21 14:55 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
2009-03-19 15:12 632048 -c--a-w- c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 00:19 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 00:22 94208 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2011-08-12 20:55 19968 -c--a-w- c:\windows\Logi_MwX.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2009-11-10 15:14 443728 -c--a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 00:23 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 16:59 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-08-24 09:38 247144 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 -c--a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Pro]
2010-05-10 16:09 5634560 -c--a-w- c:\program files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\trademanager\\AliIM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/29/2009 12:11 PM 685816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/14/2011 7:12 PM 366640]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [7/11/2006 8:22 AM 857088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/14/2011 7:12 PM 22712]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 6:53 PM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [3/15/2011 10:27 PM 183560]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 11:26 AM 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 6:53 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/14/2011 7:12 PM 41272]
S3 sysid;sysid;c:\windows\system32\drivers\sysid.sys [10/7/2008 12:05 PM 6336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
terlfsc REG_MULTI_SZ TermServices
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 -c--a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:52]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:52]
.
2011-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
2011-08-26 c:\windows\Tasks\User_Feed_Synchronization-{A17FAAF1-5649-488B-A8D5-E1386C59E2C5}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optimum.net/Home
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} -
TCP: DhcpNameServer = 192.168.1.1
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://192.168.0.253/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://192.168.0.253/JpegInst.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT383545&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - rtnews Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Upromise Tray - c:\program files\Upromise\UpromiseTray.exe
MSConfigStartUp-Upromise Update - c:\program files\Upromise\dca-ua.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 21:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-25 21:59:08
ComboFix-quarantined-files.txt 2011-08-26 01:59
ComboFix2.txt 2011-08-25 14:08
.
Pre-Run: 8,986,615,808 bytes free
Post-Run: 9,180,082,176 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - A6DC35FB239CD6D085D02731AB24FE12
 
How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Looking MUCH better today THANK YOU...no more redirection from Google searches and I did not have to reboot at all today...I also noticed that the the RAM tool I have, Memturbo never fell below 75% available RAM when I would ALWAYS wind up less than 50% whenever I even looked at the computer for too long :)
Here are the OTL and Extras logs:
OTL logfile created on: 8/25/2011 10:19:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.37% Memory free
4.85 Gb Paging File | 4.49 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 8.57 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
Drive D: | 18.50 Gb Total Space | 8.59 Gb Free Space | 46.43% Space Free | Partition Type: NTFS
Drive E: | 561.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 982.13 Mb Total Space | 434.17 Mb Free Space | 44.21% Space Free | Partition Type: FAT

Computer Name: OFFICE | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 22:18:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/07/11 08:22:40 | 000,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2008/04/13 20:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/08 09:07:10 | 000,087,808 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/07/30 17:19:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/11 08:22:40 | 000,857,088 | ---- | M] (TiVo Inc.) [Auto | Running] -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/12 16:55:51 | 000,073,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2011/08/12 16:55:51 | 000,026,104 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/11/10 10:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/07/29 12:11:06 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/10/07 12:05:01 | 000,006,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sysid.sys -- (sysid)
DRV - [2008/05/21 12:26:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/01 17:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/18 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/11 09:22:28 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/17 15:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/Home
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\URLSearchHook: {fee90072-01ea-4444-8fca-d460fe44f920} - C:\Program Files\viraltrafficfrenzy\prxtbvir0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "rtnews Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT383545&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "rtnews Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {9e06d377-8c36-46df-9e57-0f6f3f5ee23e}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=OCYTDF&PC=OCDY&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/06/16 09:51:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/01 10:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/28 07:45:52 | 000,000,000 | ---D | M]

[2010/04/17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2010/04/17 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/08/25 21:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\extensions
[2010/07/11 13:59:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/01 10:47:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/01 10:03:30 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2011/08/02 12:20:38 | 000,000,000 | ---D | M] (rtnews Community Toolbar) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\extensions\{9d6b51ce-25c0-461c-893e-ff0ef332745c}
[2010/06/30 11:55:34 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\searchplugins\bing.xml
[2011/07/31 19:18:16 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xl6bzh0y.default\searchplugins\conduit.xml
[2011/08/01 10:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 09:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 07:48:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/18 08:10:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/21 09:23:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 09:33:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 08:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/16 10:46:33 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/04/16 10:46:33 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 13:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/16 16:55:54 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2010/09/13 05:37:24 | 000,112,024 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/25 21:53:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\Epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (viraltrafficfrenzy Toolbar) - {fee90072-01ea-4444-8fca-d460fe44f920} - C:\Program Files\viraltrafficfrenzy\prxtbvir0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\Epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (viraltrafficfrenzy Toolbar) - {fee90072-01ea-4444-8fca-d460fe44f920} - C:\Program Files\viraltrafficfrenzy\prxtbvir0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\Epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (viraltrafficfrenzy Toolbar) - {FEE90072-01EA-4444-8FCA-D460FE44F920} - C:\Program Files\viraltrafficfrenzy\prxtbvir0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe (SoftwareOnline.com, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: i5 Browser Button - {086FBB95-507D-4b52-AEBF-A18347065FBC} - Reg Error: Value error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54/zengems/zengems.cab (ZenGems Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://cabinetstogo.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab (DownloadManager Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48/brickout/brickout.cab (Brickout Control)
O16 - DPF: {2E062718-4B2D-4926-9E31-36ECB6F4F273} http://www.worldwinner.com/games/v46/nhltrivia/nhltrivia.cab (Slapshot Hockey Trivia Control)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://192.168.1.253/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150053432265 (WUWebControl Class)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41/freecell/freecell.cab (FreeCell Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} https://chat1.j2.com/Media/Visitorchat/TLIEFlash.CAB (TLIEFlashObj Class)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v45/monopoly/monopoly.cab (Monopoly Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://192.168.0.253/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5220/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://192.168.0.253/JpegInst.cab (pmjpegcam Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/04 16:07:24 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/08/06 12:21:00 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.G7xx - G7xxCodec.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - HisiDVFW.dll File not found
Drivers32: vidc.HISI - HisiDVFW.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - HisiDVFW.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 22:18:43 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2011/08/25 09:40:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/25 09:36:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/25 09:36:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/25 09:36:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/25 09:36:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/25 09:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/25 09:16:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/25 08:58:46 | 004,183,754 | R--- | C] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe
[2011/08/24 23:34:39 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\USER\Desktop\aswMBR.exe
[2011/08/24 23:05:52 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\USER\Desktop\tdsskiller.exe
[2011/08/24 17:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/08/24 15:55:42 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\USER\Desktop\dds.scr
[2011/08/14 19:12:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/14 19:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/14 19:12:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/14 19:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/14 14:46:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/14 12:41:01 | 000,000,000 | ---D | C] -- C:\67b57d973977e51a102a2704ef657488
[2011/08/14 10:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/08/12 23:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\opinionsquare
[2011/08/12 15:50:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/08/12 15:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/08/12 15:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\PackageAware
[2011/08/12 15:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Local Settings\Application Data\Secunia PSI
[2011/08/12 15:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/08/12 12:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/08/12 10:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/08/12 10:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/08/11 17:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/08/11 17:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/11 17:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/11 11:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/11 11:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/03/28 15:27:14 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\USER\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 22:24:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A17FAAF1-5649-488B-A8D5-E1386C59E2C5}.job
[2011/08/25 22:18:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2011/08/25 21:53:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/25 21:40:36 | 004,183,754 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe
[2011/08/25 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/25 13:04:23 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\MemTurbo.lnk
[2011/08/25 13:04:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/25 13:04:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/25 11:18:36 | 000,875,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/25 09:40:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/25 09:34:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/25 08:54:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\MBR.dat
[2011/08/24 23:35:17 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\USER\Desktop\aswMBR.exe
[2011/08/24 23:28:23 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\RKUnhookerLE.EXE
[2011/08/24 23:06:02 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\USER\Desktop\tdsskiller.exe
[2011/08/24 21:50:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/24 15:55:47 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\dds.scr
[2011/08/24 15:41:46 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/08/24 15:36:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Word.lnk
[2011/08/24 15:31:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\pjp1vjsv.exe
[2011/08/23 14:31:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/22 07:51:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/18 18:59:37 | 000,000,163 | ---- | M] () -- C:\WINDOWS\ScreenHunter.INI
[2011/08/18 18:56:43 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\ScreenHunter 5.1 Pro.lnk
[2011/08/15 00:38:27 | 000,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2011/08/15 00:38:27 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/08/14 19:12:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 15:16:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/08/14 14:50:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/14 14:45:03 | 000,487,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/14 14:45:03 | 000,082,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/14 13:04:14 | 000,002,833 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/08/14 13:01:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/12 16:56:37 | 000,005,590 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2011/08/11 12:12:43 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Shortcut to iExplore.lnk
[2011/08/04 09:15:16 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2011/08/01 10:02:16 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/01 10:02:16 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/31 19:40:42 | 000,942,592 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Pam Thank you 40th.not
[2011/07/31 18:25:56 | 001,915,392 | ---- | M] () -- C:\Documents and Settings\USER\My Documents\Network Camera_20110731182522.Avi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 09:40:12 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/25 09:40:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/25 09:36:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/25 09:36:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/25 09:36:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/25 09:36:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/25 09:36:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/25 08:54:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\MBR.dat
[2011/08/24 23:28:22 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\RKUnhookerLE.EXE
[2011/08/24 15:31:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\pjp1vjsv.exe
[2011/08/24 10:51:19 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\USER\Start Menu\Programs\Startup\MemTurbo.lnk
[2011/08/14 19:12:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/14 12:57:10 | 000,002,833 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/08/13 16:37:34 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A17FAAF1-5649-488B-A8D5-E1386C59E2C5}.job
[2011/08/12 16:02:40 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/12 16:02:40 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/12 15:28:22 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/08/11 13:14:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/11 12:12:43 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\USER\Desktop\Shortcut to iExplore.lnk
[2011/08/11 11:22:33 | 000,014,770 | -HS- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/08/11 11:22:33 | 000,014,770 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/07/31 19:28:37 | 000,942,592 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\Pam Thank you 40th.not
[2011/07/31 18:25:26 | 001,915,392 | ---- | C] () -- C:\Documents and Settings\USER\My Documents\Network Camera_20110731182522.Avi
[2011/06/18 10:49:16 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PFP120JPR.{PB
[2011/06/18 10:49:16 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\PFP120JCM.{PB
[2010/12/01 09:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010/11/19 12:02:05 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÄÐ3113.sys
[2010/11/19 11:42:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\forminfo.ini
[2010/10/16 11:50:58 | 000,000,163 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010/10/07 14:01:59 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/07 14:01:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/13 13:52:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2010/07/17 15:51:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.exe
[2010/04/09 15:34:55 | 000,197,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/08 13:12:29 | 000,009,483 | ---- | C] () -- C:\WINDOWS\extend.dat
[2010/01/14 14:09:37 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/01/14 14:09:35 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/01/12 22:41:18 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\FASTWiz.html
[2009/12/26 11:25:18 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/18 11:56:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/06 15:02:16 | 000,003,315 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\SAS7_000.DAT
[2009/02/27 23:38:04 | 000,000,085 | ---- | C] () -- C:\WINDOWS\aebconfig.ini
[2008/12/18 18:55:52 | 001,163,504 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2008/10/07 12:05:01 | 000,006,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\sysid.sys
[2008/04/28 18:10:13 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/04/20 23:16:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/28 15:27:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/03/28 15:27:14 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\ezpinst.exe
[2008/03/28 15:27:14 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\pcouffin.cat
[2008/03/28 15:27:14 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\pcouffin.inf
[2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/16 23:51:32 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/06/19 09:52:51 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/05/09 09:42:32 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/07 19:18:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\audio.INI
[2007/04/26 16:52:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/04/26 16:52:23 | 000,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2007/04/26 16:52:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2007/03/30 19:25:55 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/03/30 19:25:54 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/03/30 19:25:54 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/03/30 19:25:54 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/03/30 19:25:54 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/03/30 19:25:54 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/03/30 19:25:54 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/03/30 19:25:54 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/03/30 19:25:54 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/03/30 19:25:54 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/03/30 19:25:54 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/03/30 19:25:54 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/03/30 19:25:54 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/03/30 19:25:54 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/03/30 19:25:54 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/03/30 19:25:54 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/03/30 19:24:47 | 000,000,083 | ---- | C] () -- C:\WINDOWS\EPSPR260.ini
[2007/03/06 13:58:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2007/01/20 19:33:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/10/07 10:41:05 | 000,196,608 | R--- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dll
[2006/10/07 10:41:05 | 000,000,209 | R--- | C] () -- C:\WINDOWS\System32\HPBVNSTP.dat
[2006/09/02 15:10:56 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/08/20 19:05:49 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\USER\Application Data\dvd.bmk
[2006/08/09 21:56:48 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpstatusx.ini
[2006/08/09 21:50:03 | 000,008,717 | ---- | C] () -- C:\WINDOWS\hplj1500.ini
[2006/07/19 18:25:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/06/16 09:16:05 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/16 09:16:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\77195D51F7.sys
[2006/06/12 18:44:36 | 000,000,274 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2006/06/12 18:16:37 | 000,000,372 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006/06/12 17:49:37 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/06/11 20:40:03 | 000,040,711 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/11 19:19:44 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/11 14:05:25 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/11 12:13:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2006/06/11 10:07:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\USER\Local Settings\Application Data\fusioncache.dat
[2006/05/11 09:39:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 09:36:30 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/11 09:31:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/11 09:28:32 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/11 09:21:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/11 08:58:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/11 08:58:30 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 09:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,875,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,487,922 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,082,546 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/16 00:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2003/01/30 08:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\StlpMt45.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
[2001/05/19 02:46:17 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\Cncs232.dll
[1997/07/11 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/08/12 16:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/06/16 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Banner Maker Pro 7
[2006/06/11 12:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2006/06/11 12:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/07/19 14:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
[2009/10/05 13:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/03/30 19:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/08/14 10:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2008/10/28 13:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/06/28 11:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2007/01/20 19:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/03/05 15:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/26 11:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/07/20 12:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/11/27 21:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/08/06 11:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/04/14 13:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/05/16 16:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/08/14 22:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/07/19 10:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/11/17 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2010/07/19 14:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/04/28 17:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/28 17:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/01/31 19:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/19 13:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/07/19 14:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 11:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/04/14 14:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/12/18 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/14 23:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/04/13 10:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3B110E2F-4A35-4D0E-98E2-CF2668A86D50}
[2011/08/12 15:50:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/05/27 10:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/17 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 22:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/04/13 10:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C243CCC8-5474-45FC-A546-7FBC284A692E}
[2006/08/28 20:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Acoustica
[2006/07/15 18:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Canon
[2011/04/16 10:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Catalina Marketing Corp
[2010/11/19 12:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CoffeeCup Software
[2010/02/08 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\com.desktoplightning.airapp.E46A8636380668D0309964F39136B84A726B34C4.1
[2011/07/22 21:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Dropbox
[2010/09/29 12:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\DVDVideoSoft
[2009/10/07 08:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\eBay
[2006/08/01 16:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\eFax Messenger
[2011/02/17 14:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GetRightToGo
[2010/11/14 13:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\GoodSync
[2007/01/20 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\HotSync
[2009/11/11 09:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\IObit
[2007/08/13 18:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iWin
[2006/06/11 12:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech
[2011/08/25 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MP3Rocket
[2010/05/04 16:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\muvee Technologies
[2010/07/19 14:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\NCH Swift Sound
[2009/04/28 12:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\OfficeUpdate12
[2010/04/12 12:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\OpenCandy
[2010/02/11 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\OpenOffice.org
[2008/06/22 15:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Opera
[2006/06/12 17:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ScanSoft
[2009/04/13 16:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Snapfish
[2011/04/13 11:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Stamps.com Internet Postage
[2007/12/27 15:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom
[2007/05/09 19:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Ulead Systems
[2011/08/14 18:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\uTorrent
[2007/12/18 19:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Viewpoint
[2010/07/19 14:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Vso
[2011/08/14 15:16:46 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/08/25 22:24:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A17FAAF1-5649-488B-A8D5-E1386C59E2C5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/07/13 09:33:25 | 000,003,151 | ---- | M] () -- C:\additdiag.txt
[2010/05/04 16:07:24 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/25 09:34:30 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/25 09:40:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/25 21:59:09 | 000,029,233 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/11 19:39:33 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2006/05/11 09:03:18 | 000,005,118 | RH-- | M] () -- C:\dell.sdr
[2008/11/09 01:39:28 | 000,003,485 | ---- | M] () -- C:\DTLog.txt
[2007/07/09 22:31:44 | 000,004,908 | -H-- | M] () -- C:\ffastun.ffa
[2007/07/09 22:31:44 | 001,286,144 | -H-- | M] () -- C:\ffastun.ffl
[2007/07/09 22:31:44 | 002,007,040 | -H-- | M] () -- C:\ffastun.ffo
[2007/07/09 22:31:44 | 002,519,040 | -H-- | M] () -- C:\ffastun0.ffx
[2007/07/10 11:54:48 | 001,286,144 | ---- | M] () -- C:\ffastunT.ffl
[2006/06/11 10:04:26 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/05/11 09:22:51 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
[2008/10/06 22:01:08 | 000,176,857 | ---- | M] () -- C:\logfile
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/01 00:09:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/25 13:04:01 | 3215,982,592 | -HS- | M] () -- C:\pagefile.sys
[2011/08/22 10:24:58 | 000,000,442 | ---- | M] () -- C:\rkill.log
[2007/11/17 01:21:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/11/23 01:57:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/11/30 14:51:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/12/02 22:42:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/12/08 01:00:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/12/15 16:05:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/12/17 01:49:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/12/19 01:51:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/12/20 01:56:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/12/20 18:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/01/05 20:31:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/01/07 20:02:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/01/08 15:57:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/01/11 01:00:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/01/14 00:27:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/01/14 20:12:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/01/16 09:36:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/01/16 21:42:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/01/19 13:47:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/01/22 09:52:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2007/11/17 01:21:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/11/23 01:57:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/11/30 14:51:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/12/02 22:42:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/12/08 01:00:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/12/15 16:05:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/12/17 01:49:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/12/19 01:51:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/12/20 01:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/12/20 18:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/01/05 20:31:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/01/07 20:02:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/01/08 15:57:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/01/11 01:00:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/01/14 00:27:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/01/14 20:12:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/01/16 09:36:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/01/16 21:42:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/01/19 13:47:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/01/22 09:52:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/05/11 09:23:02 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/08/24 23:07:41 | 000,054,508 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_24.08.2011_23.06.37_log.txt
[2006/09/13 06:45:18 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2006/07/01 14:14:56 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/02/15 11:46:27 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2009/05/13 09:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\IObit\Advanced SystemCare 3\Bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/06/09 12:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
[2011/08/14 12:56:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/06/10 13:33:06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/02/27 23:37:16 | 002,251,953 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\aeb422a.exe
[2006/07/07 19:20:26 | 000,631,496 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\ampx_2_6_1_11_en.exe
[2011/08/24 23:35:17 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\USER\Desktop\aswMBR.exe
[2011/08/25 21:40:36 | 004,183,754 | R--- | M] (Swearware) -- C:\Documents and Settings\USER\Desktop\ComboFix.exe
[2008/02/12 11:03:05 | 001,248,592 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\CouponPrinter.exe
[2006/08/01 22:13:48 | 013,130,032 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\USER\Desktop\IE7BETA3-WindowsXP-x86-enu.exe
[2008/07/23 00:06:36 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\USER\Desktop\install_flash_player.exe
[2006/08/01 16:53:03 | 003,838,056 | ---- | M] (j2 Global Communications, Inc.) -- C:\Documents and Settings\USER\Desktop\msgrplus.exe
[2011/08/25 22:18:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe
[2011/08/24 15:31:40 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\pjp1vjsv.exe
[2011/08/24 23:28:23 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\RKUnhookerLE.EXE
[2011/08/24 23:06:02 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\USER\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2006/07/19 19:39:16 | 000,557,056 | ---- | M] (Citrix Online) -- C:\Documents and Settings\USER\chatlnk.exe
[2006/07/02 23:12:03 | 003,167,744 | ---- | M] (Citrix Online) -- C:\Documents and Settings\USER\gosetup.exe

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/06/10 13:33:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\USER\Favorites\Desktop.ini
[2009/01/08 16:13:38 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\USER\Favorites\My TiVo.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/10 10:15:51 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\USER\Cookies\desktop.ini
[2011/08/25 22:02:16 | 001,638,400 | ---- | M] () -- C:\Documents and Settings\USER\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/09/15 13:27:54 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CE9946

< End of report >
 
OTL Extras logfile created on: 8/25/2011 10:19:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.37% Memory free
4.85 Gb Paging File | 4.49 Gb Available in Paging File | 92.61% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 8.57 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
Drive D: | 18.50 Gb Total Space | 8.59 Gb Free Space | 46.43% Space Free | Partition Type: NTFS
Drive E: | 561.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 982.13 Mb Total Space | 434.17 Mb Free Space | 44.21% Space Free | Partition Type: FAT

Computer Name: OFFICE | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:mad:xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:mad:xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:mad:xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:*:Enabled:TiVo Server -- (TiVo Inc.)
"C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\trademanager\AliIM.exe" = C:\Program Files\trademanager\AliIM.exe:*:Enabled:AliIM -- (Alibaba software (Shanghai) Corporation.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
"{16FD907B-FA72-4F3C-B959-E076C8238F80}" = Napster Label Creator
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{189EBD65-3177-477C-87FC-8EB758BEFEFD}" = camerasoft
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4613D63D-52C3-4BC5-BB65-622A801997E2}" = Plan3D
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{66349B1A-A8CB-4DBF-8643-FEBE86F8AF16}" = Dragon NaturallySpeaking 5.0
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73F80A0C-11B2-4BB2-A9F9-0F14ECF39980}" = Bing Bar
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F652F66-2C9D-4E41-9B2C-62F60E5C0BE2}" = The Classified Connection Demo
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8B0527BE-427B-459B-93B1-D30ED8CB4F93}" = Network Camera Recorder
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E7A41FE-5026-4224-9D7E-2DA3F0B41270}" = FloorPlan 3D v11
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92DE00D8-87E0-4ED0-A94E-AC3443828D53}" = Wisdom-soft ScreenHunter 5.1 Pro
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A005B38F-D5AB-4E35-93DD-9886E449FAF1}" = Palm
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D00C9584-FD5D-4546-BD82-144E13233121}" = Adzilla Pro
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D9DE9E03-71CA-423B-B101-57F13A751003}" = LeapFrog Tag Junior Plugin
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Banner Maker Pro 7_is1" = Banner Maker Pro Version 7
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Bejeweled Blitz" = Bejeweled Blitz
"CoffeeCup Ad Producer" = CoffeeCup Ad Producer
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"eDATA Unerase" = eDATA Unerase
"EPSON Printer and Utilities" = EPSON Printer Software
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IP Camera" = IP Camera
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MainApp.exe_is1" = CloneDVD 4.3.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Memturbo (TM) 4_is1" = Memturbo (TM) 4
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0.1 (x86 en-US)" = Mozilla Firefox 5.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7
"office Convert Pdf to Document Free_is1" = office Convert Pdf to Document Free 5.0
"Office8.0" = Microsoft Office 97, Professional Edition
"Photo Frame Maker_is1" = Photo Frame Maker 2.8
"Plan3D" = Plan3D
"PopCap Browser Plugin" = PopCap Browser Plugin
"PowerISO" = PowerISO
"PrintMaster Gold 3.00" = PrintMaster Gold 3.00
"Product_Name" = Total Fonts 2002
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Shockwave" = Shockwave
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TradeManager 2010 Beta1" = TradeManager 2010 Beta1
"Uninstall_is1" = Uninstall 1.0.0.1
"UPCShell" = LeapFrog Connect
"Userlytics Studio" = Userlytics Studio
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"viraltrafficfrenzy Toolbar" = viraltrafficfrenzy Toolbar
"VLC media player" = VLC media player 1.1.0
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Works2001Setup" = Microsoft Works 2001 Setup Launcher
"Yahoo! Messenger" = Yahoo! Messenger
"Zero Assumption Digital Image Recovery_is1" = Zero Assumption Digital Image Recovery 1.2
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2011 9:57:16 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 8/25/2011 9:57:16 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 8/25/2011 9:57:16 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 8/25/2011 11:18:48 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 8/25/2011 11:18:48 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 8/25/2011 11:18:48 AM | Computer Name = OFFICE | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 8/25/2011 1:04:22 PM | Computer Name = OFFICE | Source = MSDTC | ID = 4163
Description = MS DTC log file not found. After ensuring that all Resource Managers
coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog
to create the log fil

Error - 8/25/2011 1:04:22 PM | Computer Name = OFFICE | Source = MSDTC | ID = 4185
Description = MS DTC Transaction Manager start failed. LogInit returned error 0x

Error - 8/25/2011 1:04:22 PM | Computer Name = OFFICE | Source = MSDTC | ID = 4112
Description = Could not start the MS DTC Transaction Manage

Error - 8/25/2011 9:26:24 PM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11704
Description = Product: MP3 Rocket Toolbar -- Error 1704.An installation for Microsoft
Word 2000 SR-1 is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

[ System Events ]
Error - 8/25/2011 9:29:01 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:02 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/25/2011 9:29:05 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >
 
Very good :)

Make sure to reinstall Avira.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - [2007/08/01 17:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja
[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr
[2011/08/04 09:15:16 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2010/11/19 12:02:05 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÄÐ3113.sys
[2006/06/16 09:16:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\77195D51F7.sys
[2007/12/18 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/12/18 19:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Viewpoint
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CE9946

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I reinstalled Avira...But for some reason OTL keeps hanging up on Killing Processes. I left the computer for 3 hours figuring I wouldn't have to sit and watch and when I came back it still said Killing Processes...any suggestions?
 
Broni, thaks...I had to run it from Safe Mode...even after I disable Avira. Here you go...
All processes killed
========== OTL ==========
Service tmcomm stopped successfully!
Service tmcomm deleted successfully!
C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Error: No service named tmcomm was found to stop!
Service\Driver key tmcomm not found.
File C:\WINDOWS\system32\drivers\tmcomm.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2110085197-3623661637-2055784002-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\000001_.tmp deleted successfully.
C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP\WiseCustomCalla2.exe deleted successfully.
C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja moved successfully.
C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja moved successfully.
C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr moved successfully.
C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr moved successfully.
C:\WINDOWS\system32\f9t.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\ÄÐ3113.sys moved successfully.
C:\WINDOWS\system32\77195D51F7.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\USER\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F4CE9946 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 847 bytes
->Flash cache emptied: 8351 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6160518 bytes
->Java cache emptied: 3399 bytes
->Flash cache emptied: 30871 bytes

User: USER
->Temp folder emptied: 262471 bytes
->Temporary Internet Files folder emptied: 110843398 bytes
->Java cache emptied: 4746858 bytes
->FireFox cache emptied: 49914495 bytes
->Google Chrome cache emptied: 6187222 bytes
->Opera cache emptied: 30138437 bytes
->Flash cache emptied: 107837 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 199.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: USER
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2011/08/14 > in the current context!
Error: Unable to interpret <| 000,014,770 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja> in the current context!
Error: Unable to interpret <[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja> in the current context!
Error: Unable to interpret <[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr> in the current context!
Error: Unable to interpret <[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr> in the current context!
Error: Unable to interpret <[2011/08/04 09:15:16 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat> in the current context!
Error: Unable to interpret <[2010/11/19 12:02:05 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÄÐ3113.sys> in the current context!
Error: Unable to interpret <[2006/06/16 09:16:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\77195D51F7.sys> in the current context!
Error: Unable to interpret <[2007/12/18 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <[2007/12/18 19:25:51 |:OTL> in the current context!
Error: Unable to interpret <DRV - [2007/08/01 17:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-2110085197-3623661637-2055784002-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)> in the current context!
Error: Unable to interpret <[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja> in the current context!
Error: Unable to interpret <[2011/08/14 14:56:43 | 000,014,770 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8t4845xs1s51e3f64021x07j28d27ls1ytja> in the current context!
Error: Unable to interpret <[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\USER\Local Settings\Application Data\v528oxe2480s33lio720x04eb6dr> in the current context!
Error: Unable to interpret <[2011/08/13 15:34:22 | 000,014,480 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\v528oxe2480s33lio720x04eb6dr> in the current context!
Error: Unable to interpret <[2011/08/04 09:15:16 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat> in the current context!
Error: Unable to interpret <[2010/11/19 12:02:05 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÄÐ3113.sys> in the current context!
Error: Unable to interpret <[2006/06/16 09:16:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\77195D51F7.sys> in the current context!
Error: Unable to interpret <[2007/12/18 19:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <[2007/12/18 19:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CE9946> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: USER
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[Reboot] 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Viewpoint> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CE9946> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: USER
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08262011_203925

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

ESET
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{0501A104-0BEB-4CE3-B38F-40AF937AA2E2} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{121A6D40-2E79-4F92-A852-9BF058B0E6CA} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1E104DF3-F065-4F14-9977-569F5CA24C5D} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{24550571-BC34-4304-90A1-0F6BC0920020} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2ABC4AF5-21A3-4509-AEB0-FCE81BED25F5} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2C443A65-F3FE-4B4E-ADCB-D00655B30A80} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3854996B-FEF9-483B-9444-F95D4190E975} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{38BD4B68-A27A-4064-843C-7BC162DB22B9} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{3F8EC361-0A7B-4007-9D28-5CAF0B644519} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{40ED2075-42C4-4C09-8E8A-2186B8E03937} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4B66672B-C456-409E-884D-D1324DB4FE05} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5746E58B-B8F6-4488-A8B6-4217CEFC6F99} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7427E2D7-3A0A-4E1F-BECB-E2615F992E26} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{752E2F31-F58D-4C5D-9F77-4BF8586BE0DF} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{83599615-DA65-463B-AD52-E40613289256} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{83F65312-2FF6-482C-B8DC-1DC91BD21454} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{91777A41-5742-40B4-86EE-728566232D75} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{919C5C2A-1248-4519-9E2B-87EDBFE3FBF5} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A0C49D03-82E6-4F13-B3E5-93D0C711867E} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AED9D7A6-B7A0-41AA-9A9D-CD7994741C18} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{AEFB60C7-9B9F-41C2-9F8C-8FC7491EECA4} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0EA2548-E03A-4A2C-9616-CF1D39892D2D} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C59BDA3F-642D-4D87-8867-BBB938E593C3} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D004B390-BE96-4A27-B7E1-FF600EBCA20C} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D2091F96-08CA-4F13-9C87-73D88541A7A0} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D2683C47-2B3A-4F17-BA33-574D1BF3087D} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D39984CD-6A39-4BC3-BE8E-D13A02EB6CF4} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D6AA18C5-ECDA-4C35-8FA5-273FB16A63CE} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D7F37A75-89B6-4002-901F-FEBD89D42BD5} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DE73A57F-D7F0-4FE8-B67F-3FCE54D1A6A2} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DFA04697-B408-4D4A-AC9F-C77C9D311908} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E5DC6BB1-2D51-436B-9FFD-8D89190E17A0} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{ED1EB319-3751-4B10-9826-32DAB5993737} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F2530C24-9706-47EB-9D17-04146DBBDBA4} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FA1ABA5C-B03C-4D8F-80A1-1039B211B4A4} Win32/Qhost trojan cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbcache2.dll.vir a variant of Win32/Kryptik.RLE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001045.exe a variant of Win32/Kryptik.RSX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007051.dll a variant of Win32/Wimpixo.AA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007052.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007053.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007054.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007056.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007058.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007059.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007060.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007062.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007063.exe a variant of Win32/Kryptik.RQK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007081.DLL Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0040450.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0040451.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0013158.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025442.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025443.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025444.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025445.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025446.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025447.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025511.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025512.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025513.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0025514.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP9\A0036698.dll a variant of Win32/Kryptik.RLE trojan cleaned by deleting - quarantined
 
Uninstall:
Java(TM) SE Runtime Environment 6 Update 1
Java 2 Runtime Environment, SE v1.4.2_03

================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

===================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Do I check any of the boxes when I close the ESET Scanner? there are options to Uninstall the Application and Delete the Quarantined files
 
OK before I run anything else..I have a new BIG problem. I have a program that I use for my freelance graphic art business. When I try to open the sw from the shortcut or the programs list I get an error saying "Cannot Determine Configuration"

After digging through every box of program disks I have, I finally found the install cd's and when I try to remove the program si I can reinstall it I get the error I have attached (screen shot of the error)

What can I do? I have a job I was running and it needs to be completed by tomorrow as we are bracing for Hurriane Irene here and I need to get this job out.

Help Please...
 

Attachments

  • pmw.jpg
    pmw.jpg
    24.3 KB · Views: 1

Similar threads

heisenberg123
Discord 2FA lockout, locked out of my account for over 2 months now with sensitive and vital information inside my discord account. please help.
Replies
1
Views
143
heisenberg123
heisenberg123
S
Problem with computer installation
Replies
0
Views
110
Smilady
S
wiyosaya
Windows 11 - WiFi hotspot prevents PC from hibernating
Replies
2
Views
118
wiyosaya
wiyosaya

Latest posts

Back