My Desktop is gone


#1
jllaz
Member, 95 posts
My computer hung at the welcome screen every time I booted in Normal Mode; the only way I could log in was in Safe Mode. I tried to do a System Restore but, for some reason, none of my restore points worked. I did a scan with AVG and found 2 infected files and cleaned them. I rebooted in Normal Mode and I'm able to log in past the welcome screen, but I get an empty desktop that shows only the Recycle Bin icon and Start button. This is after I press OK on the following error message (C:\Windows\System32\Config\Systemprofile\Desktop refers to a location that is unavailable....). After that I can run some programs, but on most of them I get this error message (Dependency service on group failed to start). If I reboot in Safe Mode a message flag shows up with the following (Failed to connect to a windows service) and I can't run some of the programs. Thank you for any help that you can give me. I followed your virus cleaning guide and this is the result.

TFC: ran with no problems shown, no reboot needed.

System Restore: "Unhandled exception has occurred in your application; this service cannot be started in Safe Mode."

ERUNT: "No registry files found to save for this user. Backup of remaining files will continue."

Malwarebytes: scan completed successfully, no malicious items detected.

Malwarebytes' Anti-Malware 1.41
Database version: 3178
Windows 6.0.6001 Service Pack 1 (Safe Mode)

11/16/2009 6:00:42 PM
mbam-log-2009-11-16 (18-00-42).txt

Scan type: Quick Scan
Objects scanned: 93424
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/16 13:32
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8C7EA000 Size: 57344 File Visible: - Signed: -
Status: -

Name: a286reg7.SYS
Image Path: C:\Windows\System32\Drivers\a286reg7.SYS
Address: 0x88F0B000 Size: 413696 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x82F62000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82452000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8D177000 Size: 294912 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x884B4000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x884BC000 Size: 122880 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x81B50000 Size: 311296 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82FF3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8D0B0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x82C84000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x8D2B5000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x8D353000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x88EF3000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x82CCD000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x88DEA000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x82C8C000 Size: 266240 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82FF0000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8D257000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x88E0B000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8D240000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x88DD9000 Size: 69632 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D26F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D264000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8D277000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\Windows\System32\drivers\dxg.sys
Address: 0x81A90000 Size: 94208 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x88DB2000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8850C000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x884DA000 Size: 204800 File Visible: - Signed: -
Status: -

Name: framebuf.dll
Image Path: C:\Windows\System32\framebuf.dll
Address: 0x81B40000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8D0A0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8877F000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8C400000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x8241F000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x88E48000 Size: 73728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x88E98000 Size: 77824 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x88462000 Size: 28672 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x88EAB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x82C0B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8D01A000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x88B7E000 Size: 462848 File Visible: - Signed: -
Status: -

Name: LPCFilter.sys
Image Path: C:\Windows\system32\DRIVERS\LPCFilter.sys
Address: 0x82FB0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x82C13000 Size: 393216 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x88EE8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x884A4000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x8D2CE000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x8D2E3000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8D302000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8D33B000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8D0F9000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x82FA8000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x88F70000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x88631000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8D044000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x88DA3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x88526000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x88FEA000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x8D2AB000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x887B1000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8D08F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8D1EC000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8D145000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8865C000 Size: 237568 File Visible: - Signed: -
Status: -

Name: NETw5v32.sys
Image Path: C:\Windows\system32\DRIVERS\NETw5v32.sys
Address: 0x8C408000 Size: 3706880 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8D104000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8D236000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x88C03000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x82452000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8D0A9000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x8D281000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8C7DA000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8D1D6000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x82FE1000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x82FBA000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x88469000 Size: 57344 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: C:\Windows\system32\DRIVERS\pcmcia.sys
Address: 0x88477000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82452000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x82C73000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x8851C000 Size: 37056 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8D112000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8879A000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x88BEF000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x887D4000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x887E8000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82452000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8D1FA000 Size: 245760 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8D0F1000 Size: 32768 File Visible: - Signed: -
Status: -

Name: REDLIGHT.SYS
Image Path: C:\Windows\System32\drivers\REDLIGHT.SYS
Address: 0x88806000 Size: 3637248 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8D369000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8C791000 Size: 192512 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x82F3C000 Size: 155648 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8D131000 Size: 81920 File Visible: - Signed: -
Status: -

Name: sprr.sys
Image Path: C:\Windows\System32\Drivers\sprr.sys
Address: 0x82E36000 Size: 1036288 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x88F9E000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8D018000 Size: 4992 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x88EB6000 Size: 201984 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x88696000 Size: 954368 File Visible: - Signed: -
Status: -

Name: tdcmdpst.sys
Image Path: C:\Windows\system32\DRIVERS\tdcmdpst.sys
Address: 0x8C7FA000 Size: 16128 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x88FDF000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8D11B000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8D008000 Size: 65536 File Visible: - Signed: -
Status: -

Name: tos_sps32.sys
Image Path: C:\Windows\system32\DRIVERS\tos_sps32.sys
Address: 0x88D50000 Size: 307200 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x81AC0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x88E3F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x88E34000 Size: 45056 File Visible: - Signed: -
Status: -

Name: TVALZ_O.SYS
Image Path: C:\Windows\system32\DRIVERS\TVALZ_O.SYS
Address: 0x88D4B000 Size: 16768 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8D04E000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8D1BF000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8C7F8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8C7CB000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8D05B000 Size: 212992 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x88E5A000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8C7C0000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8D0B7000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8D0C3000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x88409000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x88418000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x88D12000 Size: 233472 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8D0E4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x82DAD000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x82E29000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x81880000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x81880000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x82F33000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82452000 Size: 3842048 File Visible: - Signed: -
Status: -


OTL logfile created on: 11/16/2009 1:40:58 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Jerry\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.92% Memory free
4.00 Gb Paging File | 3.94 Gb Available in Paging File | 98.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 63.96 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/16 13:35:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
PRC - [2009/09/05 22:38:15 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 13:35:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
MOD - [2008/01/18 22:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 19:42:27 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/06 07:49:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 21:58:14 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/05 21:58:10 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/09/05 21:58:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/09/05 21:43:04 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc_Untrusted_BZ)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:34 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Virtual\Untrusted\c_\Windows\system32\svchost.exe -- (winmgmt_Untrusted_BZ)
SRV - [2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/05/09 15:16:34 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/10/27 07:35:16 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:14:42 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:20:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [BufferZone] C:\Program Files\BufferZone\CLIENTGUI.EXE ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:12:34 | 00,000,000 | ---D | M] - C:\AutoCad -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/09/06 00:53:58 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 13:35:46 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/16 13:29:20 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jerry\Desktop\Desktop\RootRepeal.exe
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- C:\My Documents
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- \My Documents
[2009/11/15 18:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/15 18:50:02 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jerry\Desktop\Desktop\HijackThisInstaller.exe
[2009/11/15 16:50:09 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/11/15 13:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malbytes' Anti-Malware
[2009/11/15 12:56:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 12:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 12:50:25 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/15 12:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/09 19:33:22 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/09 19:33:22 | 00,000,000 | ---D | C] -- \$AVG
[2009/11/09 19:32:27 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/09 19:32:27 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/08 12:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\RSA
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[2009/11/16 13:35:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/16 13:29:36 | 00,000,000 | ---- | M] () -- C:\Users\Jerry\Desktop\Desktop\settings.dat
[2009/11/16 13:29:21 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jerry\Desktop\Desktop\RootRepeal.exe
[2009/11/16 13:06:35 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/16 13:06:35 | 00,641,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/16 13:06:35 | 00,118,288 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/16 13:02:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/16 13:00:40 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/16 13:00:40 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/16 13:00:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/15 18:50:25 | 00,001,891 | ---- | M] () -- C:\Users\Jerry\Desktop\Desktop\HijackThis.lnk
[2009/11/15 18:50:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jerry\Desktop\Desktop\HijackThisInstaller.exe
[2009/11/15 13:02:20 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/06 07:58:50 | 00,262,144 | ---- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat

========== Files Created - No Company Name ==========

[2009/11/16 13:29:36 | 00,000,000 | ---- | C] () -- C:\Users\Jerry\Desktop\Desktop\settings.dat
[2009/11/15 18:50:25 | 00,001,891 | ---- | C] () -- C:\Users\Jerry\Desktop\Desktop\HijackThis.lnk
[2009/11/15 12:56:35 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 16:09:33 | 00,899,414 | ---- | C] () -- \SetupDVDDecrypter_3.5.4.0.exe
[2009/09/06 14:07:01 | 00,000,262 | ---- | C] () -- \6fb5219aeb229b3.dat
[2009/09/05 19:18:23 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/05 17:44:32 | 24,509,19424 | -HS- | C] () -- \pagefile.sys
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000001.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000001.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:44:27 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/05/09 14:44:26 | 00,333,203 | RHS- | C] () -- \bootmgr
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1999/01/20 05:01:00 | 00,210,032 | ---- | C] () -- C:\Windows\System32\dbclient.dll
[1996/12/06 13:15:20 | 00,131,584 | ---- | C] () -- C:\Windows\System32\wsiwin32.dll
[1996/12/06 13:14:24 | 00,375,296 | ---- | C] () -- C:\Windows\System32\wsihk32.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/11/16 13:00:36 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/16 13:00:37 | 00,020,188 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/04/06 14:59:28 | 00,899,414 | ---- | M] () -- C:\SetupDVDDecrypter_3.5.4.0.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2006/11/02 02:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/04/10 23:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2006/11/02 02:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

OTL Extras logfile created on: 11/16/2009 1:40:58 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Users\Jerry\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.92% Memory free
4.00 Gb Paging File | 3.94 Gb Available in Paging File | 98.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 63.96 Gb Free Space | 34.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14EAB9B5-FB6A-4548-B695-C627DE12C96C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B40DB75-AF9F-4364-B8D3-20417BFAA066}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3AAAF024-52E4-4AE3-93C7-95FC1CE47E6C}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{61742E8A-67CE-4431-8201-726DC9B77775}" = lport=445 | protocol=6 | dir=in | app=system |
"{7679F991-1BEF-4EB4-A556-32386E04FE16}" = lport=137 | protocol=17 | dir=in | app=system |
"{79AD8B9E-9F91-4F8E-B300-D8DA8D6C9A71}" = rport=139 | protocol=6 | dir=out | app=system |
"{83E48856-E8BC-4303-BCA1-4C5EB2374557}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{94116FE4-0E83-484F-A94F-CA95EB24F130}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{9484C26A-70EC-48CA-B49B-8F1A30923293}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A646BC33-FE3F-4A54-ABD3-04EF2260FAAE}" = rport=137 | protocol=17 | dir=out | app=system |
"{AABBC62A-E82D-4403-85C5-F2D735357B70}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9A3A920-B34E-4860-8DAB-3C3D12A2E621}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1164418-8D15-4FFF-B139-F82C4F5DA576}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D8818646-7D58-4FCA-AA60-D541FA5D6E6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{EB3B3E01-67B3-41CC-B9FB-0A21F7AEFDE2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021F28A9-B396-4C8F-89FA-03803D226211}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1173C128-AB98-48EC-9508-C52AB8E23BFF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{17DF74FD-E2CA-4314-8F5C-2458EC86E94F}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{180C4FED-AF87-4D05-90D1-B3B497FD7A72}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{4618B584-2DFE-40B9-8679-7E1E65AE5258}" = protocol=1 | dir=out | [email protected],-28544 |
"{5F906EB0-3522-43FC-97CD-8D1C0DF4CFC0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{681383E0-BD8A-4B13-92AE-A5A4A6BE08CD}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{8A753F48-40F6-4F21-B3F9-2CD7704750E0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{9D798FD3-5BBD-4225-9707-A8342289A9F0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B3EE6C4C-E413-43A4-890E-7E2AAD7D70C9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D70B787A-A6F3-4341-A650-D5991A4EC9B4}" = protocol=58 | dir=out | [email protected],-28546 |
"{DFFBF264-CAA5-4995-B6C0-0478C354E2E3}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{2A0AD772-6A9F-4C38-BB40-F8F533D34C2E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{CDA49ED1-0907-4E38-9FD0-2A16224B7997}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{BDA39EEE-7BF6-4F41-AA8C-9F7C955C8C23}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{F12445B0-1314-45F0-A68B-D75B25BC1DBC}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70272964-C468-4C5F-8246-AA2CABA75941}" = Roxio Easy Media Creator 9 Suite
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7F95718-2074-41B6-BB0E-C5E1EFC6ADE4}" = BufferZone
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}" = ES
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9363145-9671-11BB-3E2E-C804D976375F}" = Chief Architect X1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"CadStd" = CadStd
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop Dialer" = Desktop Dialer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"F6DC63F2DBAE55EF9988A79DF50F3AF52275237C" = Windows Driver Package - SafeNet, Inc. (SNTNLUSB) USB (03/09/2006 7.3.0.0)
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"oggcodecs" = oggcodecs 0.71.0946
"PlanSwift 8_is1" = PlanSwift Professional 8.6
"Shareaza_is1" = Shareaza 2.4.0.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022086" = Blasterball 3
"WT022087" = Diner Dash - Flo on the Go
"WT022089" = FATE
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2009 7:43:38 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/9/2009 10:50:39 AM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/9/2009 10:50:39 AM | Computer Name = Jerry-PC | Source = VSS | ID = 19
Description =

Error - 11/9/2009 10:50:39 AM | Computer Name = Jerry-PC | Source = VSS | ID = 8193
Description =

Error - 11/10/2009 9:43:23 AM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/10/2009 9:43:24 AM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/10/2009 8:23:24 PM | Computer Name = Jerry-PC | Source = VSS | ID = 8194
Description =

Error - 11/10/2009 8:24:55 PM | Computer Name = Jerry-PC | Source = VSS | ID = 8194
Description =

Error - 11/11/2009 9:15:44 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 11/11/2009 9:15:46 PM | Computer Name = Jerry-PC | Source = MsiInstaller | ID = 11606
Description =

[ System Events ]
Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:53 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:53 PM | Computer Name = Jerry-PC | Source = DCOM | ID = 10005
Description =

Error - 10/11/2009 6:51:54 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:53:53 PM | Computer Name = Jerry-PC | Source = HTTP | ID = 15016
Description =


< End of report >
  • 0
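The firewall rule export above is easier to review with a small triage script than by eye. The block below is an added example, not part of the original post and not code from the OTL tool: it parses rule lines in the format shown (`"key" = field=value | field=value | ...`), ignores outbound rules, and flags three things a helper would want to look at on this machine: inbound rules Vista created from the "Unblock" prompt (the `TCP Query User{...}` / `UDP Query User{...}` keys, here for Shareaza), inbound application rules that are not restricted to a local port, and NetBIOS/SMB listeners (ports 137/138/139/445) open to the network. The sample lines are copied from the log above; the finding categories and the choice of what to flag are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, NamedTuple

# Constructed sample: nine rule lines in the format of the OTL firewall-rule
# export quoted in the log above (GUIDs and paths copied from that log).
SAMPLE = r'''
"{61742E8A-67CE-4431-8201-726DC9B77775}" = lport=445 | protocol=6 | dir=in | app=system |
"{7679F991-1BEF-4EB4-A556-32386E04FE16}" = lport=137 | protocol=17 | dir=in | app=system |
"{79AD8B9E-9F91-4F8E-B300-D8DA8D6C9A71}" = rport=139 | protocol=6 | dir=out | app=system |
"{83E48856-E8BC-4303-BCA1-4C5EB2374557}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{D1164418-8D15-4FFF-B139-F82C4F5DA576}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{180C4FED-AF87-4D05-90D1-B3B497FD7A72}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{9D798FD3-5BBD-4225-9707-A8342289A9F0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2A0AD772-6A9F-4C38-BB40-F8F533D34C2E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{BDA39EEE-7BF6-4F41-AA8C-9F7C955C8C23}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<body>.*)$')
PROTO_NAMES = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}
SMB_PORTS = {"137", "138", "139", "445"}  # NetBIOS name/datagram/session + SMB over TCP


@dataclass
class Rule:
    key: str
    fields: Dict[str, str]

    @property
    def direction(self) -> str:
        return self.fields.get("dir", "")

    @property
    def app(self) -> str:
        return self.fields.get("app", "").lower()

    @property
    def protocol(self) -> str:
        return PROTO_NAMES.get(self.fields.get("protocol", ""), "any")

    @property
    def user_granted(self) -> bool:
        # Vista names rules created from its "Unblock" prompt
        # "<TCP|UDP> Query User{GUID}<path>"; nobody reviewed these deliberately.
        return "Query User" in self.key


class Finding(NamedTuple):
    key: str
    category: str
    detail: str


def parse_rules(text: str) -> List[Rule]:
    """Parse OTL-style firewall rule lines into Rule objects; non-matching lines are skipped."""
    rules = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip()] = v.strip()
        rules.append(Rule(m.group("key"), fields))
    return rules


def triage(rules: List[Rule]) -> List[Finding]:
    """Flag inbound rules worth a second look; outbound rules are ignored."""
    findings = []
    for r in rules:
        if r.direction != "in":
            continue
        if r.user_granted:
            findings.append(Finding(r.key, "user-granted",
                                    f"{r.protocol} inbound allowed via Unblock prompt for {r.app}"))
        # An app rule with no lport and no service binding accepts on every port.
        if r.app and r.app != "system" and "svc" not in r.fields and "lport" not in r.fields:
            findings.append(Finding(r.key, "any-port",
                                    f"{r.protocol} inbound on every port for {r.app}"))
        if r.app == "system" and r.fields.get("lport") in SMB_PORTS:
            findings.append(Finding(r.key, "smb-exposed",
                                    f"{r.protocol}/{r.fields['lport']} NetBIOS/SMB listener reachable from the network"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'smb-exposed': 2, 'any-port': 4, 'user-granted': 2}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    found = triage(parse_rules(SAMPLE))
    for f in found:
        print(f"[{f.category:12}] {f.detail}")
    print(summarize(found))
```

Paste the two firewall sections of a log in place of `SAMPLE` to run it over a full export. The SMB findings are only a concern when the laptop is used on networks the owner does not control; the "Query User" entries are the ones to ask about, since a P2P client that was granted inbound access by a click on "Unblock" is exactly how unwanted software ends up reachable from outside.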



#2
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

  • 0

#3
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi Chamber, thanks for answering my post. I downloaded ComboFix and ran it as instructed. The following message came up: "SPTD is installed and running, need to be disabled". It gave me a Y/N choice; I pressed Y and the computer rebooted in Normal Mode. No desktop, only the Recycle Bin. Went to Start\All Programs and I don't see ComboFix on the list. Next I rebooted in Safe Mode. I don't want to rerun ComboFix again until you tell me.

Edited by jllaz, 21 November 2009 - 01:25 PM.

  • 0

#4
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Can you get to your C:\ drive? If so is there a file called C:\ComboFix.txt?

If so post it here.

If not, you can run ComboFix again, when it asks you Y/N then select N.
  • 0

#5
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi, no txt files found. Do you mean Y/N on the disclaimer of warranty screen?

Edited by jllaz, 22 November 2009 - 06:39 PM.

  • 0

#6
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts

"SPTD is installed and running, need to be disabled". It gave me a Y/N choice


  • 0

#7
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi, I ran ComboFix and this time it gave this warning: "SPTD is installed and running in this machine. ComboFix needs to temporarily disable SPTD". No Y/N choice, and it shuts the computer down. Checked for ComboFix.exe on the C: drive and nothing shows up. Ran ComboFix again with the same results. I don't know if this is relevant, but I need to mention that when I log in in Safe Mode a "Fail to connect to a windows service" message shows up.
  • 0

#8
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, this is an update to my previous message. I went into RegEdit and disabled SPTD. Re-ran ComboFix and here is the log.


ComboFix 09-11-20.05 - SYSTEM 11/23/2009 9:28.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1625 [GMT -7:00]
Running from: c:\users\Jerry\Desktop\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2127802891-3448993706-1754940261-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2604506643-2707541610-3872154351-500
c:\$recycle.bin\S-1-5-21-3930638858-1651499912-3921422695-500
c:\programdata\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000001.regtrans-ms

.
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-23 16:26 . 2009-11-23 16:27 49152 d-----w- C:\32788R22FWJFW
2009-11-20 19:26 . 2009-11-20 19:26 -------- d-----w- c:\windows\System32\config\SYSTEM~1\AppData\Roaming\Shareaza
2009-11-20 19:26 . 2009-11-20 19:26 -------- d-----w- c:\windows\System32\config\SYSTEM~1\AppData\Local\Shareaza
2009-11-17 00:51 . 2009-11-18 17:27 -------- d-----w- c:\windows\System32\config\SYSTEM~1\AppData\Local\Adobe
2009-11-16 18:00 . 2009-11-16 18:00 -------- d-----w- C:\My Documents
2009-11-16 01:50 . 2009-11-16 01:50 -------- d-----w- c:\program files\Trend Micro
2009-11-15 23:14 . 2009-11-15 23:14 -------- d-----w- c:\windows\System32\config\SYSTEM~1\AppData\Roaming\Malwarebytes
2009-11-15 20:06 . 2009-11-15 20:06 -------- d-----w- c:\users\Default\AppData\Roaming\Malwarebytes
2009-11-15 20:04 . 2009-11-23 16:42 8192 d-----w- c:\windows\System32\config\SYSTEM~1\AppData\Local\Temp
2009-11-15 20:02 . 2009-11-15 20:02 4096 d-----w- c:\program files\Malbytes' Anti-Malware
2009-11-15 19:56 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 19:56 . 2009-11-15 19:56 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:56 . 2009-11-15 19:56 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 19:56 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 19:45 . 2009-11-15 19:49 4096 d-----w- c:\program files\ERUNT
2009-11-10 02:33 . 2009-11-12 07:59 -------- d-----w- C:\$AVG
2009-11-10 02:32 . 2009-11-12 08:01 4096 d-----w- c:\programdata\avg9
2009-11-08 19:02 . 2009-11-08 19:02 -------- d-----w- c:\program files\RSA
2009-11-01 22:08 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-11-01 22:08 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-01 22:08 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-11-01 22:08 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-01 22:02 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 22:02 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-01 22:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-01 18:33 . 2009-11-01 18:33 -------- d-----w- c:\program files\Sophos
2009-11-01 18:11 . 2009-11-01 18:11 -------- d-----w- c:\users\Jerry\AppData\Local\WindowsUpdate
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- c:\program files\EPSON
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- C:\epson
2009-10-30 20:46 . 2009-11-01 16:43 -------- d-----w- c:\program files\VideoLAN
2009-10-30 20:31 . 2009-10-30 20:53 4096 d---a-w- c:\users\Jerry\AppData\Roaming\vlc
2009-10-30 15:53 . 2009-07-31 12:35 5210112 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\SwiftXL.dll
2009-10-30 15:53 . 2009-07-28 12:15 939008 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\PSConnector.dll
2009-10-30 15:53 . 2009-10-30 15:57 4096 d-----w- c:\program files\PlanSwift8
2009-10-27 03:55 . 2009-11-01 17:15 12288 d-----w- c:\program files\Shareaza
2009-10-27 03:55 . 2009-10-27 03:55 -------- d-----w- c:\users\Jerry\AppData\Roaming\Shareaza
2009-10-27 03:55 . 2009-10-27 03:55 -------- d-----w- c:\users\Jerry\AppData\Local\Shareaza
2009-10-27 03:37 . 2009-10-27 03:37 -------- d---a-w- c:\users\Jerry\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 16:16 . 2009-09-07 03:38 4096 d-----w- c:\program files\BufferZone
2009-11-15 20:56 . 2006-11-02 13:02 1356 ----a-w- c:\windows\System32\config\SYSTEM~1\AppData\Local\d3d9caps.dat
2009-11-12 07:24 . 2009-09-07 03:30 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-07 03:30 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-06 02:18 -------- d-----w- c:\users\Jerry\AppData\Roaming\DAEMON Tools
2009-11-12 07:24 . 2009-09-06 02:07 4096 d-----w- c:\programdata\RetroExp
2009-11-12 05:36 . 2009-09-19 14:48 680 ----a-w- c:\users\Jerry\AppData\Local\d3d9caps.dat
2009-11-09 17:21 . 2009-09-06 15:53 -------- d-----w- c:\programdata\FLEXnet
2009-11-08 22:51 . 2009-09-07 02:37 -------- d-----w- c:\program files\Autodesk
2009-11-08 19:12 . 2009-09-06 01:22 8192 d-----w- c:\program files\Protector Suite QL
2009-11-08 19:00 . 2009-09-06 01:21 -------- d-----w- c:\programdata\UIB
2009-11-07 18:32 . 2009-09-10 19:46 -------- d-----w- c:\program files\AVG
2009-11-06 16:55 . 2009-10-16 13:58 4096 d-----w- c:\users\Jerry\AppData\Roaming\HpUpdate
2009-11-04 05:16 . 2009-09-07 03:38 4096 d-----w- c:\programdata\BufferZone
2009-11-03 03:42 . 2009-10-06 19:58 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 22:54 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-01 16:44 . 2009-09-06 02:05 4096 d-----w- c:\users\Jerry\AppData\Roaming\InstallShield
2009-11-01 16:44 . 2009-09-11 14:46 -------- d-----w- c:\program files\Epson Software
2009-11-01 16:44 . 2007-05-09 21:17 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 14:07 . 2009-10-16 14:04 116841 ----a-w- c:\windows\hpqins00.dat
2009-10-16 14:01 . 2009-10-16 14:01 -------- d-----w- c:\programdata\HP Product Assistant
2009-10-07 01:10 . 2009-10-06 23:28 -------- d-----w- c:\users\Jerry\AppData\Roaming\HP
2009-10-07 01:10 . 2009-10-06 23:07 130375 ----a-w- c:\windows\hpoins13.dat
2009-10-06 23:28 . 2009-10-06 23:28 -------- d-----w- c:\programdata\WEBREG
2009-10-06 23:27 . 2009-10-06 23:20 -------- d-----w- c:\program files\Common Files\HP
2009-10-06 23:26 . 2009-10-06 23:09 4096 d-----w- c:\program files\HP
2009-10-06 23:22 . 2009-10-06 23:07 -------- d-----w- c:\programdata\HP
2009-10-06 23:20 . 2009-10-06 23:20 -------- d-----w- c:\programdata\HPSSUPPLY
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-06 23:15 . 2009-10-06 23:15 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-30 02:27 . 2009-09-07 02:37 4096 d-----w- c:\users\Jerry\AppData\Roaming\Autodesk
2009-09-30 02:27 . 2009-09-07 02:39 4096 d-----w- c:\programdata\Autodesk
2009-09-30 02:17 . 2009-09-30 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-28 13:36 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-09-14 09:44 . 2009-11-01 22:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 16:14 . 2009-09-11 15:33 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 19:20 . 2009-09-06 00:40 174232 ----a-w- c:\users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-10 19:19 . 2009-09-06 00:34 174232 ----a-w- c:\windows\System32\config\SYSTEM~1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 03:43 . 2009-09-09 03:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-06 23:16 . 2009-09-06 23:16 643072 ----a-w- c:\users\Jerry\AppData\Roaming\RipIt4Me\updater\ri4mupdater.exe
2009-09-06 22:18 . 2009-09-06 22:18 65536 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-09-06 22:18 . 2009-09-06 22:18 10134 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-09-06 21:07 . 2009-09-06 21:07 262 ----a-w- C:\6fb5219aeb229b3.dat
2009-09-06 07:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-06 07:43 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-06 07:42 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-06 07:08 . 2009-09-06 07:33 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-09-06 07:08 . 2009-09-06 07:33 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-09-06 06:26 . 2009-09-06 06:26 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 06:23 . 2009-09-06 06:23 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-06 06:23 . 2009-09-06 06:23 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-06 06:23 . 2009-09-06 06:23 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-06 06:23 . 2009-09-06 06:23 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-06 06:20 . 2009-09-06 06:20 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-06 06:20 . 2009-09-06 06:20 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-06 06:20 . 2009-09-06 06:20 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-06 06:13 . 2009-09-06 06:13 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 06:11 . 2009-09-06 06:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-06 06:11 . 2009-09-06 06:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-06 06:11 . 2009-09-06 06:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-06 06:11 . 2009-09-06 06:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-06 06:11 . 2009-09-06 06:11 23552 ----a-w- c:\windows\system32\lpk.dll
2009-09-06 06:11 . 2009-09-06 06:11 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-06 06:06 . 2009-09-06 06:06 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-06 06:04 . 2009-09-06 06:04 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-06 06:02 . 2009-09-06 06:02 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-09-06 05:59 . 2009-09-06 05:59 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-06 05:57 . 2009-09-06 05:57 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-06 05:57 . 2009-09-06 05:57 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-06 05:55 . 2009-09-06 05:55 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-06 05:54 . 2009-09-06 05:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-06 05:54 . 2009-09-06 05:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-09-06 05:54 . 2009-09-06 05:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-06 05:53 . 2009-09-06 05:53 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-06 05:51 . 2009-09-06 05:51 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-09-06 05:51 . 2009-09-06 05:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-09-06 05:43 . 2009-09-06 05:43 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-06 05:42 . 2009-09-06 05:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-06 05:42 . 2009-09-06 05:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-09-06 05:42 . 2009-09-06 05:42 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-06 05:42 . 2009-09-06 05:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-09-06 05:42 . 2009-09-06 05:42 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-09-06 05:42 . 2009-09-06 05:42 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-09-06 05:38 . 2009-09-06 05:38 2927104 ----a-w- c:\windows\explorer.exe
2009-09-06 05:33 . 2009-09-06 05:33 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 05:33 . 2009-09-06 05:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 05:33 . 2009-09-06 05:33 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-06 05:33 . 2009-09-06 05:33 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 05:33 . 2009-09-06 05:33 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 05:33 . 2009-09-06 05:33 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 05:33 . 2009-09-06 05:33 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 05:28 . 2009-09-06 05:28 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2009-09-06 05:24 . 2009-09-06 05:24 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-09-06 05:24 . 2009-09-06 05:24 988216 ----a-w- c:\windows\system32\winload.exe
2009-09-06 05:24 . 2009-09-06 05:24 927288 ----a-w- c:\windows\system32\winresume.exe
2009-09-06 05:24 . 2009-09-06 05:24 40960 ----a-w- c:\windows\system32\srclient.dll
2009-09-06 05:24 . 2009-09-06 05:24 378368 ----a-w- c:\windows\system32\srcore.dll
2009-09-06 05:24 . 2009-09-06 05:24 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-09-06 05:24 . 2009-09-06 05:24 14848 ----a-w- c:\windows\system32\srdelayed.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQ&inst=NwA5AC0AMwA4ADEAMwA4&prod=90&ver=9.0.704" [?]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Windows^system32^config^systemprofile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 REDLIGHT;REDLIGHT;c:\windows\System32\drivers\redlight.sys [12/22/2008 5:14 PM 350424]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 2:40 PM 3668480]
S2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [12/22/2008 5:14 PM 797080]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/6/2009 8:30 PM 809296]
S2 winmgmt_Untrusted_BZ;Windows Management Instrumentation_Untrusted_BZ;c:\virtual\Untrusted\C_\Windows\system32\svchost.exe -k netsvcs [9/6/2009 12:14 AM 21504]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 gusvc_Untrusted_BZ;Google Software Updater_Untrusted_BZ;c:\virtual\Untrusted\c_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [5/9/2007 3:17 PM 182768]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/5/2009 7:18 PM 716272]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 09:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\714.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\Windows\\system32\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:000000aa
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0000]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0001]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\HARDWARE PROFILES\CURRENT]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-2604506643-2707541610-3872154351-1000\Software\Classes]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'Explorer.exe'(1212)
c:\windows\system32\RlShellExt.dll
c:\windows\system32\AM.DLL
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-11-23 09:45
ComboFix-quarantined-files.txt 2009-11-23 16:45

Pre-Run: 67,917,832,192 bytes free
Post-Run: 68,020,117,504 bytes free

- - End Of File - - 3FD77B68A65EB56FE5E3CE0976435782

#9
chamber
    Face Burnin' Malware Fighter
  • Visiting Consultant
  • 2,712 posts
Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

Registry::

Driver::
winmgmt_Untrusted_BZ

NetSvc::
winmgmt_Untrusted_BZ


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Delete the copy of OTL that you have and redownload a fresh copy, then run a quick scan with the following custom scan.

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMDRIVE%\nvgts.sys /s /md5
%SYSTEMDRIVE%\iastorv.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5


#10
jllaz
    Member
  • Topic Starter
  • Member
  • 95 posts
Hello again! Thanks for being so helpful. Here are the logs from OTL.Txt, Extras.Txt, and ComboFix.Txt.

OTL logfile created on: 11/23/2009 7:37:36 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\Jerry\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.01% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 63.01 Gb Free Space | 34.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
PRC - [2009/09/05 22:38:15 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/05 22:21:03 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2008/01/18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
MOD - [2008/01/18 22:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 19:42:27 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/06 07:49:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 21:58:14 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/05 21:58:10 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/09/05 21:58:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/09/05 21:43:04 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc_Untrusted_BZ)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/05/09 15:16:34 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/10/27 07:35:16 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:14:42 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:20:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:12:34 | 00,000,000 | ---D | M] - C:\AutoCad -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/09/06 00:53:58 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/23 19:33:55 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/23 19:18:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/23 19:18:00 | 00,029,582 | ---- | C] () -- \ComboFix.txt
[2009/11/23 18:54:12 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/23 18:54:12 | 00,000,000 | ---D | C] -- \32788R22FWJFW
[2009/11/23 09:27:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/23 09:27:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/23 09:27:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/23 09:27:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- \Qoobox
[2009/11/20 13:30:11 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Downloads
[2009/11/20 13:26:34 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2009/11/16 18:10:03 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- C:\My Documents
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- \My Documents
[2009/11/15 18:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/15 16:50:09 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/11/15 13:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malbytes' Anti-Malware
[2009/11/15 12:56:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 12:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:50:25 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/15 12:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/23 19:22:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/23 19:08:17 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/23 19:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/23 19:02:22 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 19:02:20 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/23 19:01:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/21 11:26:44 | 03,570,920 | R--- | M] () -- C:\Users\Jerry\Desktop\Desktop\ComboFix.exe
[2009/11/20 14:37:17 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 14:37:17 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 14:37:17 | 00,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/20 12:40:12 | 00,262,144 | ---- | M] () -- C:\Windows\system32\config\systemprofile\ntuser.dat
[2009/11/15 13:02:20 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2009/11/23 19:18:00 | 00,029,582 | ---- | C] () -- \ComboFix.txt
[2009/11/23 09:27:11 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/23 09:27:11 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/23 09:27:11 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/23 09:27:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/23 09:27:11 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/21 11:26:41 | 03,570,920 | R--- | C] () -- C:\Users\Jerry\Desktop\Desktop\ComboFix.exe
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/11/15 12:56:35 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 16:09:33 | 00,899,414 | ---- | C] () -- \SetupDVDDecrypter_3.5.4.0.exe
[2009/09/06 14:07:01 | 00,000,262 | ---- | C] () -- \6fb5219aeb229b3.dat
[2009/09/06 00:16:33 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/09/06 00:14:46 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/09/05 17:44:32 | 24,509,19424 | -HS- | C] () --
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:44:27 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/05/09 14:44:26 | 00,333,203 | RHS- | C] () -- \bootmgr
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 00,756,644 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 03:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 03:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 00:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 00:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 00:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 00:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 00:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 00:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 00:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 00:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 00:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 00:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 00:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 00:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 00:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 00:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/11/01 23:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1999/01/20 05:01:00 | 00,210,032 | ---- | C] () -- C:\Windows\System32\dbclient.dll
[1996/12/06 13:15:20 | 00,131,584 | ---- | C] () -- C:\Windows\System32\wsiwin32.dll
[1996/12/06 13:14:24 | 00,375,296 | ---- | C] () -- C:\Windows\System32\wsihk32.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/11/23 19:01:58 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/20 11:59:04 | 00,021,754 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/04/06 14:59:28 | 00,899,414 | ---- | M] () -- C:\SetupDVDDecrypter_3.5.4.0.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2006/11/02 02:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008/01/18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/10 23:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2006/11/02 02:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 23:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/09/05 22:39:28 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >

< %SYSTEMDRIVE%\iastorv.sys /s /md5 >
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2008/01/18 22:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 22:42:52 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >

< >
< End of report >


OTL Extras logfile created on: 11/23/2009 7:37:36 PM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\Jerry\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.01% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 63.01 Gb Free Space | 34.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14EAB9B5-FB6A-4548-B695-C627DE12C96C}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B40DB75-AF9F-4364-B8D3-20417BFAA066}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{3AAAF024-52E4-4AE3-93C7-95FC1CE47E6C}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{61742E8A-67CE-4431-8201-726DC9B77775}" = lport=445 | protocol=6 | dir=in | app=system |
"{7679F991-1BEF-4EB4-A556-32386E04FE16}" = lport=137 | protocol=17 | dir=in | app=system |
"{79AD8B9E-9F91-4F8E-B300-D8DA8D6C9A71}" = rport=139 | protocol=6 | dir=out | app=system |
"{83E48856-E8BC-4303-BCA1-4C5EB2374557}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{94116FE4-0E83-484F-A94F-CA95EB24F130}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{9484C26A-70EC-48CA-B49B-8F1A30923293}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A646BC33-FE3F-4A54-ABD3-04EF2260FAAE}" = rport=137 | protocol=17 | dir=out | app=system |
"{AABBC62A-E82D-4403-85C5-F2D735357B70}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9A3A920-B34E-4860-8DAB-3C3D12A2E621}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1164418-8D15-4FFF-B139-F82C4F5DA576}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D8818646-7D58-4FCA-AA60-D541FA5D6E6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{EB3B3E01-67B3-41CC-B9FB-0A21F7AEFDE2}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021F28A9-B396-4C8F-89FA-03803D226211}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1173C128-AB98-48EC-9508-C52AB8E23BFF}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{17DF74FD-E2CA-4314-8F5C-2458EC86E94F}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{180C4FED-AF87-4D05-90D1-B3B497FD7A72}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{4618B584-2DFE-40B9-8679-7E1E65AE5258}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{5F906EB0-3522-43FC-97CD-8D1C0DF4CFC0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{681383E0-BD8A-4B13-92AE-A5A4A6BE08CD}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{8A753F48-40F6-4F21-B3F9-2CD7704750E0}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{9D798FD3-5BBD-4225-9707-A8342289A9F0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B3EE6C4C-E413-43A4-890E-7E2AAD7D70C9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D70B787A-A6F3-4341-A650-D5991A4EC9B4}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{DFFBF264-CAA5-4995-B6C0-0478C354E2E3}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"TCP Query User{2A0AD772-6A9F-4C38-BB40-F8F533D34C2E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{CDA49ED1-0907-4E38-9FD0-2A16224B7997}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{BDA39EEE-7BF6-4F41-AA8C-9F7C955C8C23}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{F12445B0-1314-45F0-A68B-D75B25BC1DBC}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = TIPCI
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{083E277B-7976-4C5A-894E-C84A0966F14A}" = Adobe Setup
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70272964-C468-4C5F-8246-AA2CABA75941}" = Roxio Easy Media Creator 9 Suite
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{B7F95718-2074-41B6-BB0E-C5E1EFC6ADE4}" = BufferZone
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{CBFAD664-763E-4A7D-BF92-BB0E493F3C66}" = ES
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9363145-9671-11BB-3E2E-C804D976375F}" = Chief Architect X1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_9f42804f89f9a287eff5269cd426478" = Adobe Soundbooth CS4 Codecs
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"CadStd" = CadStd
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desktop Dialer" = Desktop Dialer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"F6DC63F2DBAE55EF9988A79DF50F3AF52275237C" = Windows Driver Package - SafeNet, Inc. (SNTNLUSB) USB (03/09/2006 7.3.0.0)
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"oggcodecs" = oggcodecs 0.71.0946
"PlanSwift 8_is1" = PlanSwift Professional 8.6
"Shareaza_is1" = Shareaza 2.4.0.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Media Center Game Console" = TOSHIBA Media Center Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"WT022084" = Bejeweled 2 Deluxe
"WT022085" = Blackhawk Striker 2
"WT022086" = Blasterball 3
"WT022087" = Diner Dash - Flo on the Go
"WT022089" = FATE
"WT022090" = Mah Jong Quest
"WT022091" = Penguins!
"WT022092" = Polar Bowler
"WT022093" = Polar Golfer
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2009 7:13:56 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/15/2009 7:50:12 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/15/2009 9:38:44 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/15/2009 9:43:29 PM | Computer Name = Jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x06c4b7a2, process id 0x648, application start time
0x01ca665d82650391.

Error - 11/15/2009 9:43:41 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/16/2009 1:52:34 PM | Computer Name = Jerry-PC | Source = Autodesk SC | ID = 101
Description =

Error - 11/16/2009 1:52:34 PM | Computer Name = Jerry-PC | Source = Application Error | ID = 1000
Description = Faulting application acad.exe, version 23.2.56.0, time stamp 0x47ae9f2d,
faulting module adlmdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000142, fault offset 0x00009cac, process id 0xa3c, application start time
0x01ca66e593464f13.

Error - 11/16/2009 4:02:55 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/16/2009 4:04:46 PM | Computer Name = Jerry-PC | Source = EventSystem | ID = 4609
Description =

Error - 11/16/2009 4:09:27 PM | Computer Name = Jerry-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:23 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:53 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:51:53 PM | Computer Name = Jerry-PC | Source = DCOM | ID = 10005
Description =

Error - 10/11/2009 6:51:54 PM | Computer Name = Jerry-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 10/11/2009 6:53:53 PM | Computer Name = Jerry-PC | Source = HTTP | ID = 15016
Description =


< End of report >

ComboFix 09-11-20.05 - SYSTEM 11/23/2009 18:55.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1291 [GMT -7:00]
Running from: c:\users\Jerry\Desktop\Desktop\ComboFix.exe
Command switches used :: c:\users\Jerry\Desktop\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_winmgmt_Untrusted_BZ


((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 02:00 . 2009-11-24 02:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-24 02:00 . 2009-11-24 02:00 -------- d-----w- c:\users\Jerry\AppData\Local\temp
2009-11-24 02:00 . 2009-11-24 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-24 01:54 . 2009-11-24 01:54 -------- d-----w- C:\32788R22FWJFW
2009-11-16 18:00 . 2009-11-16 18:00 -------- d-----w- C:\My Documents
2009-11-16 01:50 . 2009-11-16 01:50 -------- d-----w- c:\program files\Trend Micro
2009-11-15 20:06 . 2009-11-15 20:06 -------- d-----w- c:\users\Default\AppData\Roaming\Malwarebytes
2009-11-15 20:02 . 2009-11-15 20:02 -------- d-----w- c:\program files\Malbytes' Anti-Malware
2009-11-15 19:56 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 19:56 . 2009-11-15 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 19:56 . 2009-11-15 19:56 -------- d-----w- c:\programdata\Malwarebytes
2009-11-15 19:56 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-15 19:45 . 2009-11-15 19:49 -------- d-----w- c:\program files\ERUNT
2009-11-10 02:33 . 2009-11-12 07:59 -------- d-----w- C:\$AVG
2009-11-10 02:32 . 2009-11-12 08:01 -------- d-----w- c:\programdata\avg9
2009-11-08 19:02 . 2009-11-08 19:02 -------- d-----w- c:\program files\RSA
2009-11-01 22:08 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-11-01 22:08 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-01 22:08 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-11-01 22:08 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-11-01 22:02 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-01 22:02 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-01 22:01 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-01 18:33 . 2009-11-01 18:33 -------- d-----w- c:\program files\Sophos
2009-11-01 18:11 . 2009-11-01 18:11 -------- d-----w- c:\users\Jerry\AppData\Local\WindowsUpdate
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- c:\program files\EPSON
2009-11-01 16:29 . 2009-11-01 16:29 -------- d-----w- C:\epson
2009-10-30 20:46 . 2009-11-01 16:43 -------- d-----w- c:\program files\VideoLAN
2009-10-30 20:31 . 2009-10-30 20:53 -------- d---a-w- c:\users\Jerry\AppData\Roaming\vlc
2009-10-30 15:53 . 2009-07-31 12:35 5210112 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\SwiftXL.dll
2009-10-30 15:53 . 2009-07-28 12:15 939008 ----a-w- c:\users\Jerry\AppData\Roaming\Microsoft\AddIns\PSConnector.dll
2009-10-30 15:53 . 2009-10-30 15:57 -------- d-----w- c:\program files\PlanSwift8
2009-10-27 03:55 . 2009-11-01 17:15 -------- d-----w- c:\program files\Shareaza
2009-10-27 03:55 . 2009-10-27 03:55 -------- d-----w- c:\users\Jerry\AppData\Roaming\Shareaza
2009-10-27 03:55 . 2009-10-27 03:55 -------- d-----w- c:\users\Jerry\AppData\Local\Shareaza
2009-10-27 03:37 . 2009-10-27 03:37 -------- d---a-w- c:\users\Jerry\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 02:01 . 2009-09-07 03:38 4096 d-----w- c:\program files\BufferZone
2009-11-12 07:24 . 2009-09-07 03:30 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-07 03:30 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-12 07:24 . 2009-09-06 02:18 -------- d-----w- c:\users\Jerry\AppData\Roaming\DAEMON Tools
2009-11-12 07:24 . 2009-09-06 02:07 4096 d-----w- c:\programdata\RetroExp
2009-11-12 05:36 . 2009-09-19 14:48 680 ----a-w- c:\users\Jerry\AppData\Local\d3d9caps.dat
2009-11-09 17:21 . 2009-09-06 15:53 -------- d-----w- c:\programdata\FLEXnet
2009-11-08 22:51 . 2009-09-07 02:37 -------- d-----w- c:\program files\Autodesk
2009-11-08 19:12 . 2009-09-06 01:22 8192 d-----w- c:\program files\Protector Suite QL
2009-11-08 19:00 . 2009-09-06 01:21 -------- d-----w- c:\programdata\UIB
2009-11-07 18:32 . 2009-09-10 19:46 -------- d-----w- c:\program files\AVG
2009-11-06 16:55 . 2009-10-16 13:58 4096 d-----w- c:\users\Jerry\AppData\Roaming\HpUpdate
2009-11-04 05:16 . 2009-09-07 03:38 4096 d-----w- c:\programdata\BufferZone
2009-11-03 03:42 . 2009-10-06 19:58 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 22:54 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-01 16:44 . 2009-09-06 02:05 4096 d-----w- c:\users\Jerry\AppData\Roaming\InstallShield
2009-11-01 16:44 . 2009-09-11 14:46 -------- d-----w- c:\program files\Epson Software
2009-11-01 16:44 . 2007-05-09 21:17 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-10-16 14:07 . 2009-10-16 14:04 116841 ----a-w- c:\windows\hpqins00.dat
2009-10-16 14:01 . 2009-10-16 14:01 -------- d-----w- c:\programdata\HP Product Assistant
2009-10-07 01:10 . 2009-10-06 23:28 -------- d-----w- c:\users\Jerry\AppData\Roaming\HP
2009-10-07 01:10 . 2009-10-06 23:07 130375 ----a-w- c:\windows\hpoins13.dat
2009-10-06 23:28 . 2009-10-06 23:28 -------- d-----w- c:\programdata\WEBREG
2009-10-06 23:27 . 2009-10-06 23:20 -------- d-----w- c:\program files\Common Files\HP
2009-10-06 23:26 . 2009-10-06 23:09 4096 d-----w- c:\program files\HP
2009-10-06 23:22 . 2009-10-06 23:07 -------- d-----w- c:\programdata\HP
2009-10-06 23:20 . 2009-10-06 23:20 -------- d-----w- c:\programdata\HPSSUPPLY
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-06 23:19 . 2009-10-06 23:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-06 23:15 . 2009-10-06 23:15 -------- d-----w- c:\programdata\Hewlett-Packard
2009-09-30 02:27 . 2009-09-07 02:37 4096 d-----w- c:\users\Jerry\AppData\Roaming\Autodesk
2009-09-30 02:27 . 2009-09-07 02:39 4096 d-----w- c:\programdata\Autodesk
2009-09-30 02:17 . 2009-09-30 02:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-09-28 13:36 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-09-14 09:44 . 2009-11-01 22:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-12 16:14 . 2009-09-11 15:33 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-10 19:20 . 2009-09-06 00:40 174232 ----a-w- c:\users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 03:43 . 2009-09-09 03:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-06 23:16 . 2009-09-06 23:16 643072 ----a-w- c:\users\Jerry\AppData\Roaming\RipIt4Me\updater\ri4mupdater.exe
2009-09-06 22:18 . 2009-09-06 22:18 65536 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-09-06 22:18 . 2009-09-06 22:18 10134 ----a-r- c:\users\Jerry\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-09-06 21:07 . 2009-09-06 21:07 262 ----a-w- C:\6fb5219aeb229b3.dat
2009-09-06 07:53 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-06 07:43 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-06 07:42 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-06 07:08 . 2009-09-06 07:33 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-09-06 07:08 . 2009-09-06 07:33 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-09-06 06:26 . 2009-09-06 06:26 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 06:23 . 2009-09-06 06:23 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-09-06 06:23 . 2009-09-06 06:23 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-09-06 06:23 . 2009-09-06 06:23 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-09-06 06:23 . 2009-09-06 06:23 272896 ----a-w- c:\windows\system32\polstore.dll
2009-09-06 06:20 . 2009-09-06 06:20 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-09-06 06:20 . 2009-09-06 06:20 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-09-06 06:20 . 2009-09-06 06:20 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-09-06 06:13 . 2009-09-06 06:13 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-09-06 06:11 . 2009-09-06 06:11 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-09-06 06:11 . 2009-09-06 06:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-09-06 06:11 . 2009-09-06 06:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-09-06 06:11 . 2009-09-06 06:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-09-06 06:11 . 2009-09-06 06:11 23552 ----a-w- c:\windows\system32\lpk.dll
2009-09-06 06:11 . 2009-09-06 06:11 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-09-06 06:06 . 2009-09-06 06:06 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-09-06 06:04 . 2009-09-06 06:04 71680 ----a-w- c:\windows\system32\atl.dll
2009-09-06 06:02 . 2009-09-06 06:02 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-09-06 05:59 . 2009-09-06 05:59 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-09-06 05:57 . 2009-09-06 05:57 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-09-06 05:57 . 2009-09-06 05:57 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-09-06 05:55 . 2009-09-06 05:55 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-09-06 05:54 . 2009-09-06 05:54 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-09-06 05:54 . 2009-09-06 05:54 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-09-06 05:54 . 2009-09-06 05:54 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-09-06 05:53 . 2009-09-06 05:53 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-09-06 05:51 . 2009-09-06 05:51 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-09-06 05:51 . 2009-09-06 05:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-09-06 05:43 . 2009-09-06 05:43 636928 ----a-w- c:\windows\system32\localspl.dll
2009-09-06 05:42 . 2009-09-06 05:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-09-06 05:42 . 2009-09-06 05:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-09-06 05:42 . 2009-09-06 05:42 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-06 05:42 . 2009-09-06 05:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-09-06 05:42 . 2009-09-06 05:42 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-09-06 05:42 . 2009-09-06 05:42 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-09-06 05:38 . 2009-09-06 05:38 2927104 ----a-w- c:\windows\explorer.exe
2009-09-06 05:33 . 2009-09-06 05:33 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-06 05:33 . 2009-09-06 05:33 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-06 05:33 . 2009-09-06 05:33 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-06 05:33 . 2009-09-06 05:33 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-06 05:33 . 2009-09-06 05:33 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-06 05:33 . 2009-09-06 05:33 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-06 05:33 . 2009-09-06 05:33 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-06 05:28 . 2009-09-06 05:28 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2009-09-06 05:24 . 2009-09-06 05:24 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-09-06 05:24 . 2009-09-06 05:24 988216 ----a-w- c:\windows\system32\winload.exe
2009-09-06 05:24 . 2009-09-06 05:24 927288 ----a-w- c:\windows\system32\winresume.exe
2009-09-06 05:24 . 2009-09-06 05:24 40960 ----a-w- c:\windows\system32\srclient.dll
2009-09-06 05:24 . 2009-09-06 05:24 378368 ----a-w- c:\windows\system32\srcore.dll
2009-09-06 05:24 . 2009-09-06 05:24 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-09-06 05:24 . 2009-09-06 05:24 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-09-06 05:24 . 2009-09-06 05:24 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-09-06 05:24 . 2009-09-06 05:24 19000 ----a-w- c:\windows\system32\kd1394.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]
@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"
[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]
@="{F594B094-8768-4632-8143-12852EBBD688}"
[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]
@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"
[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]
@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"
[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]
2008-12-23 00:14 1279704 ----a-w- c:\windows\System32\RlShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 19:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQ&inst=NwA5AC0AMwA4ADEAMwA4&prod=90&ver=9.0.704" [?]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 19:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Windows^system32^config^systemprofile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 REDLIGHT;REDLIGHT;c:\windows\System32\drivers\redlight.sys [12/22/2008 5:14 PM 350424]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 2:40 PM 3668480]
S2 BufferZoneSvc;BufferZone Service;c:\program files\BufferZone\ClntSvc.exe [12/22/2008 5:14 PM 797080]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [9/6/2009 8:30 PM 809296]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 4:46 AM 284016]
S3 gusvc_Untrusted_BZ;Google Software Updater_Untrusted_BZ;c:\virtual\Untrusted\c_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [5/9/2007 3:17 PM 182768]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/5/2009 7:18 PM 716272]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 19:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\714.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\EnableFullPage]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Implemented Categories]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:000000aa
@="c:\\Windows\\system32\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\MiscStatus]
"VRegSpecialValueName"=dword:000000aa
@="0"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:000000aa
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"VRegSpecialValueName"=dword:00000000

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
"VRegSpecialValueName"=dword:000000aa

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"VRegSpecialValueName"=dword:000000aa
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0000]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\Control\VIDEO\{0263DE3F-BD9E-4FE5-B359-2642F6B09588}\0001]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\ControlSet001\HARDWARE PROFILES\CURRENT]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\S-1-5-21-2604506643-2707541610-3872154351-1000\Software\Classes]
@Allowed: (Read) (RestrictedCode)
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Completion time: 2009-11-23 19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 02:17
ComboFix2.txt 2009-11-23 16:45

Pre-Run: 68,052,824,064 bytes free
Post-Run: 67,596,161,024 bytes free

- - End Of File - - 684CE75479E4712E646EBF6701180294
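The service and driver entries in the ComboFix log above (the R0/S2/S3 lines under "Reg Loading Points", and registry pairs such as the MEMSWEEP2 ImagePath) are the part a helper reads by eye when deciding what to remove. The script below is an added example, not part of this thread and not code from ComboFix or OTL: it parses lines in that shape and flags entries whose binary sits outside the Windows and Program Files trees, lives in a sandbox copy (the `c:\virtual\` tree and `_Untrusted_BZ` suffix that BufferZone produced on this machine), is a `.tmp` file, or has no file details (`[?]`). The trusted roots, the flag names and the `demo_svc` line are assumptions made up for the demo.

```python
"""Triage of service/driver entries from a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass, field

# Sample input.  The R/S lines and the MEMSWEEP2 registry pair are copied from
# the log above; the "demo_svc" line is CONSTRUCTED for this example and does
# not describe anything on the machine in this thread.
SAMPLE_LOG = r"""
R0 REDLIGHT;REDLIGHT;c:\windows\System32\drivers\redlight.sys [12/22/2008 5:14 PM 350424]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S3 gusvc_Untrusted_BZ;Google Software Updater_Untrusted_BZ;c:\virtual\Untrusted\c_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [5/9/2007 3:17 PM 182768]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [9/5/2009 7:18 PM 716272]
S2 demo_svc;Demo Service (constructed);c:\users\Jerry\AppData\Local\Temp\demo.exe [11/20/2009 1:00 PM 12345]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\714.tmp"
"""

# Conventional meaning of the ComboFix prefix: R = running, S = stopped,
# digit = service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Assumed "trusted" roots for this demo; adjust for the host being triaged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
PATH_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|sys|dll|tmp))", re.IGNORECASE)
KEY_RE = re.compile(r"^\[.*\\services\\([^\\\]]+)\]$", re.IGNORECASE)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(.+)"$', re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str            # running / stopped / unknown
    start: str            # boot / system / auto / manual / disabled / unknown
    image: str            # first binary path found on the line, lower-cased
    flags: list = field(default_factory=list)


def classify(entry, raw_line):
    """Return the list of review flags for one entry (prompts, not verdicts)."""
    flags = []
    if not entry.image:
        flags.append("no-image-path")
    elif not entry.image.startswith(TRUSTED_ROOTS):
        flags.append("image-outside-trusted-roots")
    if "\\virtual\\" in entry.image or entry.name.lower().endswith("_untrusted_bz"):
        flags.append("sandbox-virtualised-copy")    # BufferZone artefact seen in the log
    if entry.image.endswith(".tmp"):
        flags.append("temp-file-image")
    if "[?]" in raw_line:
        flags.append("no-file-details")             # ComboFix printed [?] instead of date/size
    return flags


def parse_service_line(line):
    """Parse one 'R0 name;display;path [details]' line, or return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    p = PATH_RE.search(rest)
    entry = ServiceEntry(name, display, "running" if state == "R" else "stopped",
                         START_TYPES[start], p.group(1).lower() if p else "")
    entry.flags = classify(entry, rest)
    return entry


def triage(text):
    """Parse service lines and Services\\<name> + ImagePath pairs; flagged entries first."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_service_line(line)
        if entry:
            entries.append(entry)
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        ip = IMAGEPATH_RE.match(line)
        if ip and current_key:
            entry = ServiceEntry(current_key, "", "unknown", "unknown", ip.group(1).lower())
            entry.flags = classify(entry, line)
            entries.append(entry)
            current_key = None
    return sorted(entries, key=lambda e: (not e.flags, e.name.lower()))


def flagged_names(text):
    """Names of entries that carry at least one flag, in triage order."""
    return [e.name for e in triage(text) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e.flags else "  "
        print(f"{mark} {e.state:8}{e.start:9}{e.name:22} {e.image}  {','.join(e.flags)}")
```

Run it on a saved log instead of the embedded sample by passing the file contents to `triage()`. A flag is a reason to look, not a verdict: a kernel driver loaded from a `.tmp` file can be a scanner's own transient driver, and a service under `c:\virtual\` is a sandbox copy of something that may be perfectly legitimate outside it; what the log above shows is that such copies can still start as services after the sandboxed program is gone.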


#11 chamber (Face Burnin' Malware Fighter; Visiting Consultant; 2,712 posts)
Hi,

1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O4 - HKLM..\RunOnce: [] File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) RootRepeal

Download RootRepeal from one of the following locations and save it to your desktop: Link 1, Link 2, Link 3
  • Double click the downloaded RootRepeal file to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, click the Save Report button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click the entry for your file to insert the attachment into your post

3) Malwarebytes

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your reply I would like to see copied and pasted,

1) OTL logs
2) RootRepeal logs
3) Malwarebytes log


#12 jllaz (Member; Topic Starter; 95 posts)
Chamber, here are the results you asked for. RootRepeal stopped midway while reading through the files. An "Attempt to write to address 0x00000004" message came up; I pressed OK. This other message came right after I pressed OK: "Could not read owr index block". I pressed OK and the program closed.


OTL logfile created on: 11/24/2009 7:38:12 AM - Run 2
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Users\Jerry\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.81% Memory free
4.00 Gb Paging File | 3.98 Gb Available in Paging File | 99.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 63.22 Gb Free Space | 34.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Jerry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
PRC - [2009/09/05 22:38:15 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/05 22:21:03 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2008/01/18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe


========== Modules (SafeList) ==========

MOD - [2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
MOD - [2008/01/18 22:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 19:42:27 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/06 07:49:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 21:58:14 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/05 21:58:10 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/09/05 21:58:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/09/05 21:43:04 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc_Untrusted_BZ)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/05/09 15:16:34 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/10/27 07:35:16 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:14:42 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/07 13:20:07 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/06 16:12:34 | 00,000,000 | ---D | M] - C:\AutoCad -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/24 07:32:47 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/11/24 07:21:09 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/24 07:18:47 | 00,000,000 | ---D | C] -- \_OTL
[2009/11/23 19:33:55 | 00,529,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/23 19:18:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/23 19:18:00 | 00,029,582 | ---- | C] () -- \ComboFix.txt
[2009/11/23 18:54:12 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/23 18:54:12 | 00,000,000 | ---D | C] -- \32788R22FWJFW
[2009/11/23 09:27:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/23 09:27:11 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/23 09:27:11 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/23 09:27:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/21 11:27:09 | 00,000,000 | ---D | C] -- \Qoobox
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- C:\My Documents
[2009/11/16 11:00:11 | 00,000,000 | ---D | C] -- \My Documents
[2009/11/15 18:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/15 13:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malbytes' Anti-Malware
[2009/11/15 12:56:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 12:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:50:25 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/15 12:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 14 Days ==========

[2009/11/24 07:31:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/24 07:21:40 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 07:21:39 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/24 07:21:27 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/23 19:33:57 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jerry\Desktop\Desktop\OTL.exe
[2009/11/23 19:08:17 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/23 19:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/21 11:26:44 | 03,570,920 | R--- | M] () -- C:\Users\Jerry\Desktop\Desktop\ComboFix.exe
[2009/11/20 14:37:17 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 14:37:17 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 14:37:17 | 00,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/15 13:02:20 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2009/11/23 19:18:00 | 00,029,582 | ---- | C] () -- \ComboFix.txt
[2009/11/23 09:27:11 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/23 09:27:11 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/23 09:27:11 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/23 09:27:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/23 09:27:11 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/21 11:26:41 | 03,570,920 | R--- | C] () -- C:\Users\Jerry\Desktop\Desktop\ComboFix.exe
[2009/11/16 18:08:11 | 00,000,846 | ---- | C] () -- \mbam-log-2009-11-16 (18-00-42).txt
[2009/11/15 12:56:35 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/06 16:09:33 | 00,899,414 | ---- | C] () -- \SetupDVDDecrypter_3.5.4.0.exe
[2009/09/06 14:07:01 | 00,000,262 | ---- | C] () -- \6fb5219aeb229b3.dat
[2009/09/06 00:16:33 | 00,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/09/06 00:14:46 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009/09/05 17:44:32 | 24,509,19424 | -HS- | C] () --
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:44:27 | 00,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007/05/09 14:44:26 | 00,333,203 | RHS- | C] () -- \bootmgr
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 00,756,644 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 03:24:31 | 00,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 03:23:31 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:09 | 00,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:09:45 | 00,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 00:09:44 | 00,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 00:09:44 | 00,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 00:09:42 | 00,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 00:09:41 | 00,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 00:09:40 | 00,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 00:09:38 | 00,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 00:09:35 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 00:09:31 | 00,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 00:09:29 | 00,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 00:09:26 | 00,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 00:09:24 | 00,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 00:09:23 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 00:09:22 | 00,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 00:09:20 | 00,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/01 23:25:08 | 00,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2006/11/01 23:25:08 | 00,000,010 | ---- | C] () -- \config.sys
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1999/01/20 05:01:00 | 00,210,032 | ---- | C] () -- C:\Windows\System32\dbclient.dll
[1996/12/06 13:15:20 | 00,131,584 | ---- | C] () -- C:\Windows\System32\wsiwin32.dll
[1996/12/06 13:14:24 | 00,375,296 | ---- | C] () -- C:\Windows\System32\wsihk32.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll

========== LOP Check ==========

[2009/11/24 07:21:27 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/20 11:59:04 | 00,022,014 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004



Malwarebytes' Anti-Malware 1.41
Database version: 3223
Windows 6.0.6001 Service Pack 1 (Safe Mode)

11/24/2009 10:21:20 AM
mbam-log-2009-11-24 (10-21-20).txt

Scan type: Quick Scan
Objects scanned: 93848
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
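The OTL output in the post above is what a helper reads by hand: the company from the file's version information, the path, the R/H/S/D attributes, and whether the referenced file still exists. As an added example (not from this thread, and not part of OTL, MBAM or any other tool mentioned here), the Python below parses that line format and applies a few triage heuristics. The sample lines are constructed copies of shapes that appear in the log, not the full log. The flags it raises are prompts to look closer, not verdicts: an empty company field only means the file carries no version information (licensing and sandbox components commonly ship that way), a GinaDLL or Winlogon Notify entry is a logon-time load point that deserves a look whatever sits behind it (here the company field says UPEK Inc., a fingerprint-reader vendor), and "File not found" usually means an uninstalled product left a dangling reference. The flag names and rules are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied in the shape OTL uses (SRV/PRC/MOD lines,
# O-lines, and the "Files Created" lines), not the whole log from the post.
SAMPLE_LOG = r"""SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/11/23 09:27:11 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
"""

# Bracketed metadata OTL prints for processes, modules, services and files:
# [date time | size | RHSD attrs | C(reated)/M(odified)] (Company) -- path [-- (service name)]
META_RE = re.compile(
    r"^(?:[A-Z]{3} - )?"                                   # optional PRC/MOD/SRV tag
    r"\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.*?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)

# HijackThis-style O-lines: "... <path> (Company)" or "... <path> File not found"
OLINE_RE = re.compile(
    r"^O\d+ - .*? (?P<path>[A-Za-z]:\\.*?)"
    r"(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))$"
)


@dataclass
class Entry:
    raw: str
    path: str
    company: str                 # "" when OTL prints () or ( )
    missing: bool                # OTL appended "File not found"
    attrs: str = "----"          # R/H/S/D from the bracket, when present
    size: Optional[int] = None
    when: Optional[str] = None
    service: Optional[str] = None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; lines in a shape this example does not know are skipped."""
    m = META_RE.match(line)
    if m:
        return Entry(raw=line, path=m["path"], company=m["company"].strip(),
                     missing=False, attrs=m["attrs"],
                     size=int(m["size"].replace(",", "")),
                     when=m["when"], service=m["service"])
    m = OLINE_RE.match(line)
    if m:
        return Entry(raw=line, path=m["path"], company=(m["company"] or "").strip(),
                     missing=m["missing"] is not None)
    return None


def triage(e: Entry) -> List[str]:
    """Heuristic review prompts (this example's own rules, not OTL's)."""
    flags: List[str] = []
    p = e.path.lower()
    if e.missing:
        flags.append("file-not-found")          # dangling load point, often an uninstall leftover
    if not e.missing and not e.company and p.endswith((".exe", ".dll", ".sys")):
        flags.append("no-company")              # no version info: check signature/hash by hand
    if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs and p.startswith(r"c:\windows"):
        flags.append("hidden-system-file")      # hidden+system file under the Windows tree
    if re.search(r"GinaDLL|Winlogon\\Notify|AppInit_DLLs|ShellExecuteHooks", e.raw, re.I):
        flags.append("logon-hook")              # code that loads at logon or into every process
    return flags


def scan(text: str) -> Dict[str, List[str]]:
    """Return {path: flags} for every recognised line that raised at least one flag."""
    out: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_line(line.strip())
        if e is None:
            continue
        flags = triage(e)
        if flags:
            out[e.path] = flags
    return out


if __name__ == "__main__":
    for path, flags in scan(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(flags)}")
```

Run it as a script to print the flagged paths from the sample, or pass the contents of a saved OTL.txt to scan(). Every flag still needs a human decision: look the file up by hash and check its Authenticode signature before adding it to a fix script, since the sample alone would flag a sandbox service and a licensing helper that are most likely benign.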

#13
chamber (Face Burnin' Malware Fighter, Visiting Consultant, 2,712 posts)
Hi,

Can you re-run OTL in normal mode for me?

Instead of RootRepeal try this,

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • 0

#14
jllaz

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
chamber, everything I have been doing is in Safe Mode because I can't get my desktop in Normal Mode. I tried to access Task Manager to see if I could run OTL from there but was unable to do it. Here is the log file from GMER. It did stop and gave me this message: "C:\Windows\System32\config\Systemprofiles\ntuser.dat file not found." I pressed OK, and this is the result.


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-24 19:46:50
Windows 6.0.6001 Service Pack 1
Running: ydcjn60u.exe; Driver: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\kwlcypob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88810000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88859000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CD88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74CDB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74CCFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74CD7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74CCEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D0B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74CDBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74CD074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74CD06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74CC71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74D5D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74CF7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74CCE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CC697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74CC69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74CD2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x60 0x4D 0xF7 0x5B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC6 0xE2 0x29 0xE4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0xE8 0xEF 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 707
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x60 0x4D 0xF7 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC6 0xE2 0x29 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xE1 0x44 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x60 0x4D 0xF7 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC6 0xE2 0x29 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x06 0xE1 0x44 0x81 ...

---- EOF - GMER 1.0.15 ----
  • 0
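Reading the GMER output above as a defender: an added Python example (not part of the thread, and not GMER's own code) that parses the "Kernel code sections" and "User IAT/EAT" lines into records and flags IAT hooks that resolve outside %SystemRoot% or without a Microsoft description. The sample log is constructed from lines posted above plus one invented placeholder entry so the triage has something to flag; the regexes cover only the two line shapes seen in this log.

```python
import re

# Constructed sample in the shape of the GMER 1.0.15 log quoted above. The last IAT
# line is an invented placeholder so the triage below has something to flag.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88810000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88859000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74CD88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74CC697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1628] @ C:\Windows\Explorer.EXE [PLACEHOLDER.dll!PlaceholderImport] [10001A20] C:\Users\Public\PLACEHOLDER.dll (constructed sample)
"""

# One GMER "IAT" line: process[pid] @ module [dll!import] [address] target (description).
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<import>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<target>.+?)"
    r"(?: \((?P<vendor>[^)]*)\))?$"
)
# One "Kernel code sections" finding: .section driver <finding> [base, size, characteristics].
KSEC_RE = re.compile(
    r"^(?P<section>\.\w+) (?P<driver>.+?) "
    r"(?P<finding>section is writeable|unknown last section) \[(?P<details>[^\]]+)\]$"
)

def parse_gmer(text):
    """Split a GMER log into IAT hook records and kernel code section findings."""
    iat, ksec = [], []
    for line in text.splitlines():
        if m := IAT_RE.match(line):
            iat.append(m.groupdict())
        elif m := KSEC_RE.match(line):
            ksec.append(m.groupdict())
    return {"iat": iat, "kernel_sections": ksec}

def triage_iat(entries):
    """Keep IAT entries whose resolving module is outside %SystemRoot% or has no Microsoft
    description. GMER shows the module's version-info strings, not a signature check, so
    this only orders the log for review; it is not a verdict."""
    flagged = []
    for e in entries:
        in_windows = e["target"].lower().startswith("c:\\windows\\")
        microsoft = "microsoft" in (e["vendor"] or "").lower()
        if not (in_windows and microsoft):
            flagged.append(e)
    return flagged
```

On the constructed sample, `triage_iat(parse_gmer(SAMPLE_LOG)["iat"])` returns only the placeholder entry; the GDI+ hooks in the posted log all resolve into the Microsoft WinSxS store and are left out of the review list.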

#15
chamber

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Make sure ComboFix is located on your desktop for this.

Can you go into Normal Mode, open up Task Manager, select New Task and then copy and paste the following in?

"%userprofile%\desktop\combofix.exe" /killall
  • 0