Redirection Of Search Results (Google & Yahoo) [Solved]


  • This topic is locked

#1
surveyer

  • Member
  • 25 posts
Hello. I noticed a few days ago that Google or Yahoo was redirecting search results to various, irrelevant web URLs. This was in Firefox and Safari; not using IE anymore. Tried to update and run Spybot but it is very slow. Unable to go into Safe Mode either; the PC just reboots after choosing that option. Ran Malwarebytes Anti-Malware with the latest update; it found and removed trojan.vundo.h easily. Windows Task Manager doesn't show any strange process names at all, but there are around 7 svchost.exe processes running. Avira AntiVir detects a lot more than 7 svchost.exe's that are the TR/Crypt.ZPACK.Gen trojan. At one point the AV guard (little umbrella icon) or the Windows updates won't open or pop up. After I tried the Temp File Cleaner, they seem to work OK, but I'm deliberately not downloading any updates at this point. Avira still detects the svchost.exe's, Google or Yahoo are still being redirected, and today WinPatrol keeps popping up that sdra64.exe wants to be added to startup. Tried to do an Avira scan and there are suspicious files (luke.dll & lukeres.dll) showing in the log even though the completed scan says "no detection". Read a few posts on similar problems but not sure on the next step to take. I would appreciate any further help on getting my PC cleaned up, please.

#2
hammerman

  • Member 4k
  • 4,183 posts
Hello surveyer and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Please follow these steps.

-- Step 1 --

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked. UNCHECK the following boxes
    • Sections
    • IAT/EAT
    • Drives/Partition other than System drive (typically C:\)
    • Show all (important)
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Please post your Malwarebytes log.
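The steps above ask for OTL and GMER logs so a helper can read them by hand. As an added example (not part of this thread, and not OTL's own code), the Python below does a first-pass triage over OTL-style lines of the shapes OTL prints for the hosts file ("O1 - Hosts:"), the Run keys ("O4 - HKLM..\Run:") and the process list ("PRC -"). The sample lines, the 203.0.113.7 address and the hostname are constructed for this example; the list of path markers used to spot autostart entries living under a user profile is an assumption of this example, not an OTL rule.

```python
"""First-pass triage of OTL-style log lines.

Added example for this thread; not OTL's code. It assumes three line
shapes as OTL prints them:
  "O1 - Hosts: <ip> <hostname>"
  "O4 - HKLM..\\Run: [name] <path> (<company>)"
  "PRC - <path> (<company>)"
and reports the entries a helper would look at first.
"""
import ipaddress
import re
from typing import Dict, List

# Addresses that make a hosts entry a block rather than a redirect
# (Spybot-style immunization maps thousands of names to 127.0.0.1).
BLOCKING_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed markers for user-writable locations; not an OTL rule.
USER_PATH_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "%appdata%")

# Hostname may be absent (OTL prints a bare "127.0.0.1" line). The
# "NNNN more lines..." summary line deliberately does not match.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)(?:\s+(\S+))?\s*$")
# Trailing "(company)" is the last parenthesised group, so a path such as
# "C:\Program Files (x86)\..." does not confuse the match.
RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.*?)(?: \(([^()]*)\))?$")
PRC_RE = re.compile(r"^PRC - (.*?) \(([^()]*)\)$")


def classify_hosts(ip: str, host: str) -> str:
    """Return 'block', 'redirect' or 'invalid' for one hosts entry."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if ip in BLOCKING_ADDRESSES:
        return "block"
    return "redirect"  # a real name sent somewhere other than loopback


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Group the interesting entries of an OTL-style log by category."""
    findings: Dict[str, List[str]] = {
        "hosts_redirect": [],      # hosts entries that point a name elsewhere
        "autostart_missing": [],   # Run entries whose target no longer exists
        "autostart_userpath": [],  # Run entries launched from a user profile
        "process_unsigned": [],    # running processes with no publisher name
    }
    for raw in lines:
        line = raw.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2) or ""
            if classify_hosts(ip, host) == "redirect":
                findings["hosts_redirect"].append(f"{host} -> {ip}")
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, path, _company = m.groups()
            if path == "File not found":
                findings["autostart_missing"].append(f"{hive} [{name}]")
            elif any(marker in path.lower() for marker in USER_PATH_MARKERS):
                findings["autostart_userpath"].append(f"{hive} [{name}] {path}")
            continue
        m = PRC_RE.match(line)
        if m:
            path, company = m.groups()
            if not company.strip():
                findings["process_unsigned"].append(path)
    return findings


# Constructed sample lines in OTL's format (the redirect entry and its
# address are made up for this example).
SAMPLE_LINES = [
    "O1 - Hosts: 127.0.0.1",
    "O1 - Hosts: 127.0.0.1 www.007guard.com",
    "O1 - Hosts: 203.0.113.7 www.example-search.test",
    "O1 - Hosts: 11784 more lines...",
    "O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)",
    "O4 - HKLM..\\Run: [Copy Handler] File not found",
    "O4 - HKCU..\\Run: [I-Hate-Keyloggers] C:\\Documents and Settings\\S\\My Documents\\i-hate-keyloggers.exe (DewaSoft)",
    "PRC - C:\\WINDOWS\\system32\\SnoopFreeSvc.exe ()",
    "PRC - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe (Avira GmbH)",
]

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LINES).items():
        print(f"{category}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

A hosts file that only maps names to loopback or 0.0.0.0 blocks them, which is what the immunization tools do, so a long hosts file by itself is not a finding; entries that point a real name at some other address are. A redirect that lives in a driver or in a DNS setting leaves the hosts file clean, so a clean hosts file rules nothing out, which is why the rootkit scan is requested alongside the OTL log.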

#3
surveyer

  • Topic Starter
  • Member
  • 25 posts
Hi Hammerman, and thanks for your reply.

Ran OTL and it didn't open the Extras.txt log. Is it saved in a folder somewhere?

OTL.txt

OTL logfile created on: 12/24/2009 5:38:40 AM - Run 3
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 643.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 3.97 Gb Free Space | 2.66% Space Free | Partition Type: NTFS
Drive D: | 247.72 Mb Total Space | 10.81 Mb Free Space | 4.36% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.73 Gb Total Space | 1.87 Gb Free Space | 50.06% Space Free | Partition Type: FAT32

Computer Name: S
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
PRC - C:\WINDOWS\system32\SnoopFreeSvc.exe ()
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\ProcessGuard\DCSUserProt.exe (DiamondCS)
PRC - C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
PRC - C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
PRC - C:\Documents and Settings\S\My Documents\i-hate-keyloggers.exe (DewaSoft)
PRC - C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SnoopFreeDll.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)
MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SnoopFreeSvc) -- C:\WINDOWS\system32\SnoopFreeSvc.exe ()
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (DCSPGSRV) -- C:\Program Files\ProcessGuard\dcsuserprot.exe (DiamondCS)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SnoopFree) -- C:\WINDOWS\System32\Drivers\SnopFree.sys ()
DRV - (TVICHW32) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys (Avira GmbH)
DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (Avira GmbH)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (procguard) -- C:\WINDOWS\system32\drivers\procguard.sys (DiamondCS)
DRV - (pssnap) -- C:\WINDOWS\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (atinrvxx) ATI WDM Rage Theater Video (Microsoft) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys (ATI Technologies Inc.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (ProtoWall) -- C:\WINDOWS\system32\drivers\ProtoWall.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ATIVRVXX) ATI Rage Theatre Video (ATIRTCAP) -- C:\WINDOWS\system32\drivers\atirtcap.sys ()
DRV - (ati2mpaa) -- C:\WINDOWS\system32\drivers\ati2mpaa.sys (ATI Technologies Inc.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "About.com Contests Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Surf Canyon"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e073c84a-e479-468e-a356-47d96c5ca888}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.7.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.16.1
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:1.35
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: page_info_links@francev_nikolay:0.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.9948
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.2009102801
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b065cadc-711c-4074-a257-63df8e2128d7}:0.1.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/05/11 19:09:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 08:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 05:45:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: J:\PortableApps\Thunderbird\App\Thunderbird\components [2009/07/19 18:20:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: J:\PortableApps\Thunderbird\App\Thunderbird\plugins [2009/09/01 13:11:44 | 00,000,000 | ---D | M]

[2009/04/30 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Extensions
[2009/12/23 21:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions
[2009/08/05 12:57:17 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/04 05:16:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/10/30 19:25:39 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/06/27 21:19:52 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009/05/06 20:39:11 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/07 00:02:40 | 00,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/10/15 05:33:06 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/11 05:03:09 | 00,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/06 07:29:14 | 00,000,000 | ---D | M] (Form Saver) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2009/10/27 09:59:23 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/05/06 20:39:12 | 00,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/09/22 08:13:52 | 00,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2009/11/17 19:37:27 | 00,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/15 08:18:26 | 00,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/05/06 14:20:37 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b065cadc-711c-4074-a257-63df8e2128d7}
[2009/11/20 05:18:49 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/23 11:06:15 | 00,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/06 20:39:29 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/02 05:20:20 | 00,000,000 | ---D | M] (About.com Contests Toolbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}
[2009/09/03 05:21:59 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/07 05:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/04 19:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/28 17:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/13 07:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/02 05:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/10/22 05:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/09/03 05:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/08/01 19:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/24 19:25:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\page_info_links@francev_nikolay
[2009/06/27 21:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\personas@christopher(2).beard
[2009/11/15 10:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/21 15:25:18 | 00,003,291 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\addic7ed-tv-subtitle-search.xml
[2009/08/11 22:43:04 | 00,000,898 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\conduit.xml
[2009/09/20 16:25:47 | 00,002,271 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\surf-canyon.xml
[2009/12/23 21:59:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 13:14:58 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (342967 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11784 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Copy Handler] File not found
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKCU..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\S\My Documents\i-hate-keyloggers.exe (DewaSoft)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - - File not found
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/30 17:28:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/19 23:51:04 | 00,000,107 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/30 17:28:23 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk - C:\PROGRA~1\Launchy\Launchy.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicKey.lnk - C:\ACI Programs\MagicKey\mgk.exe - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (76564698358611968)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple Computer
[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Apple Computer
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/21 14:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/21 14:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple
[2009/12/21 14:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/21 14:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/21 09:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Malwarebytes
[2009/12/21 09:34:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 09:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/21 09:33:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 09:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 09:05:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\S\Recent
[2009/12/20 23:01:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/20 17:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/12/20 16:59:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/20 15:53:43 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/09 19:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2009/12/07 20:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2009/12/07 20:15:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/12/07 00:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\CoffeeCup Software
[2009/12/07 00:30:46 | 00,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2009/11/26 15:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Amazon
[2009/11/26 15:16:51 | 00,000,000 | ---D | C] -- C:\Program Files\Amazon
[2009/09/16 16:50:44 | 07,760,687 | ---- | C] (Boraxsoft) -- C:\Documents and Settings\S\Application Data\SetupGFD.exe
[2009/09/16 16:46:18 | 04,284,535 | ---- | C] (ffdshow ) -- C:\Documents and Settings\S\Application Data\ffdshow.exe
[2009/09/16 16:45:45 | 00,642,685 | ---- | C] (Xvid team ) -- C:\Documents and Settings\S\Application Data\xvid.exe
[2009/09/16 16:43:12 | 02,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\S\Application Data\Imgburn.exe
[2009/09/16 16:37:59 | 04,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\S\Application Data\Avisynth.exe
[2009/08/13 18:47:07 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\S\Application Data\pcouffin.sys
[2009/08/10 11:50:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/22 03:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/24 05:41:07 | 00,123,768 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2009/12/24 05:36:57 | 00,284,447 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/24 05:25:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/24 05:25:24 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/23 22:51:01 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\S\ntuser.dat
[2009/12/23 22:51:01 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\S\ntuser.ini
[2009/12/23 22:48:15 | 00,326,964 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2009/12/23 20:24:11 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/12/22 22:13:11 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 22:19:20 | 00,123,904 | ---- | M] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 17:05:18 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/20 15:53:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/19 17:14:19 | 00,000,091 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/14 14:47:14 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 19:19:24 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\S\Application Data\inst.exe
[2009/12/09 19:19:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/12/09 19:19:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\S\Application Data\pcouffin.sys
[2009/12/09 19:19:24 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\S\Application Data\pcouffin.cat
[2009/12/09 19:19:24 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\S\Application Data\pcouffin.inf
[2009/12/09 19:19:10 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\S\Desktop\DVDFab 6.lnk
[2009/12/08 16:42:23 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 16:42:23 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/08 16:42:23 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/07 20:14:46 | 00,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Unbox.lnk
[2009/12/07 16:39:38 | 00,153,600 | ---- | M] () -- C:\Documents and Settings\S\Application Data\SharedSettings.ccs
[2009/12/07 00:30:52 | 00,000,208 | ---- | M] () -- C:\WINDOWS\System32\xpysys.dll
[2009/12/07 00:30:49 | 00,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup Free FTP.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/27 22:13:44 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk

========== Files Created - No Company Name ==========

[2009/12/24 05:36:55 | 00,284,447 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/21 14:35:08 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 17:05:18 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/15 11:24:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/09 19:19:10 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\S\Desktop\DVDFab 6.lnk
[2009/12/07 20:14:46 | 00,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Unbox.lnk
[2009/12/07 00:36:35 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\S\Application Data\SharedSettings.ccs
[2009/12/07 00:30:52 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2009/12/07 00:30:49 | 00,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup Free FTP.lnk
[2009/09/28 14:37:14 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/09/28 14:37:12 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/13 18:47:28 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.log
[2009/08/13 18:47:07 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\S\Application Data\inst.exe
[2009/08/13 18:47:07 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.cat
[2009/08/13 18:47:07 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.inf
[2009/08/10 13:41:41 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/08/10 13:41:41 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/08/10 13:41:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/07/28 07:12:32 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\kodakpcd.ini
[2009/07/19 12:26:39 | 00,000,436 | -HS- | C] () -- C:\WINDOWS\System32\ss.drv
[2009/07/13 20:24:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\ch.log
[2009/06/28 18:04:44 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/06/27 22:10:57 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/16 13:21:24 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2009/06/07 11:54:57 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/17 16:31:34 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/05/17 11:23:59 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/13 19:27:27 | 00,000,091 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/10 10:28:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Application Data\AVSDVDPlayer.m3u
[2009/05/10 10:18:13 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/10 10:18:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/09 22:41:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/09 22:41:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/09 22:41:30 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009/05/06 12:24:49 | 00,209,008 | ---- | C] () -- C:\WINDOWS\System32\kbhookdll.dll
[2009/05/05 23:46:21 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/03 13:56:38 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/05/03 13:56:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/05/03 13:56:38 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/05/03 13:40:21 | 00,123,904 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 21:30:59 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2009/04/30 19:41:58 | 00,003,333 | ---- | C] () -- C:\Documents and Settings\S\Application Data\CleanUp!.log
[2009/04/30 18:17:50 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/30 10:20:27 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2009/04/30 10:20:25 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2007/11/06 12:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/10/26 14:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/01/28 14:35:54 | 00,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/05/01 21:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/12/07 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/12/21 14:30:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/21 14:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/27 23:03:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/05/01 18:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/14 13:31:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/06/16 13:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2009/11/18 20:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/07/27 23:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/04/30 20:30:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/12 19:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2009/12/21 09:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/30 18:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/09 19:35:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/04/30 17:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2009/04/30 17:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/08/13 22:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/06/08 21:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/27 21:19:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools(2)
[2009/06/27 22:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/11 19:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/13 12:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/12/21 09:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/02 05:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/12/20 23:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/03 13:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/07/21 05:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/09/02 05:39:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
[2009/11/02 12:31:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/09/01 07:10:42 | 03,247,288 | ---- | M] (Stardock Corporation ) -- C:\Documents and Settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}\shareware.exe
[2009/10/02 09:59:29 | 03,254,528 | ---- | M] (Stardock Corporation ) -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
[2009/11/05 21:16:58 | 00,073,728 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
[2009/07/27 23:12:55 | 01,844,883 | ---- | M] (ArcSoft Inc. ) -- C:\Documents and Settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
[2009/07/10 11:58:56 | 02,479,504 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_10c8df0\Setup.exe
[2009/07/27 16:24:54 | 00,077,824 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
[2009/07/27 16:24:37 | 00,175,104 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
[2009/07/27 16:12:17 | 00,045,056 | ---- | M] (ESTMAN KODAK Company) -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
[2009/07/27 16:24:53 | 00,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\What the...\finish.exe
[2009/07/27 16:09:53 | 00,225,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\What the...\start.exe

< %APPDATA%\*. >
[2009/05/05 18:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Adobe
[2009/11/26 16:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Amazon
[2009/12/21 14:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Apple Computer
[2009/07/27 23:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Arcsoft
[2009/10/22 19:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Artisteer
[2009/05/05 21:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Broad Intelligence
[2009/12/07 00:37:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CoffeeCup Software
[2009/07/19 14:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CopyTrans
[2009/07/19 18:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CopyTransDoctor
[2009/11/18 19:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CoreFTP
[2009/06/08 19:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\COWON
[2009/09/01 12:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\DivX
[2009/06/16 13:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\DonationCoder
[2009/12/10 18:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\dvdcss
[2009/09/16 17:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\FFRend
[2009/08/16 13:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\FireShot
[2009/05/17 11:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Foxit
[2009/05/05 22:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\GetRightToGo
[2009/11/18 20:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\GlobalSCAPE
[2009/05/20 13:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Help
[2009/07/19 16:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\iCloner
[2009/04/30 17:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Identities
[2009/07/26 22:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\ImgBurn
[2009/09/28 16:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Jarte
[2009/07/28 07:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\KodakCredentialStore
[2009/07/05 19:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Launchy
[2009/05/11 20:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Macromedia
[2009/12/21 09:34:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Malwarebytes
[2009/09/16 17:15:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Media Player Classic
[2009/07/15 12:19:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\S\Application Data\Microsoft
[2009/09/28 12:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla
[2009/12/06 13:19:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\MSN6
[2009/05/08 19:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\MSNInstaller
[2009/06/08 21:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\NCH Swift Sound
[2009/09/28 12:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Netscape
[2009/09/21 14:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Notepad++
[2009/05/23 19:43:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\pdf995
[2009/09/28 12:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Photodex
[2009/08/31 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\QuotePad
[2009/05/03 19:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Red Chair Software
[2009/07/19 23:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\SharePod
[2009/07/28 07:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Skinux
[2009/09/20 18:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\SourceTec
[2009/09/02 05:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Stardock
[2009/11/07 22:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\stickies
[2009/06/07 13:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Sun
[2009/08/31 20:16:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Thunderbird
[2009/07/14 16:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\TrueCrypt
[2009/09/11 16:59:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\vlc
[2009/12/09 19:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Vso
[2009/07/19 14:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\WindSolutions
[2009/04/30 19:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\WinPatrol
[2009/10/05 15:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\XMind

< %APPDATA%\*.exe /s >
[2009/09/16 16:43:12 | 04,182,178 | ---- | M] (The Public) -- C:\Documents and Settings\S\Application Data\Avisynth.exe
[2009/09/16 16:50:44 | 04,284,535 | ---- | M] (ffdshow ) -- C:\Documents and Settings\S\Application Data\ffdshow.exe
[2009/09/16 16:45:45 | 02,169,915 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\S\Application Data\Imgburn.exe
[2009/12/09 19:19:24 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\S\Application Data\inst.exe
[2009/09/16 17:04:16 | 07,760,687 | ---- | M] (Boraxsoft) -- C:\Documents and Settings\S\Application Data\SetupGFD.exe
[2009/09/16 16:46:18 | 00,642,685 | ---- | M] (Xvid team ) -- C:\Documents and Settings\S\Application Data\xvid.exe
[2009/10/13 16:12:16 | 00,355,574 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}\_244C619FB12F34EE37CA9F.exe
[2009/10/13 16:12:16 | 00,355,574 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}\_7BAE06742266F3ED1073C2.exe
[2009/05/12 19:05:35 | 00,043,646 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_21F3885A18D238E15AAE81.exe
[2009/05/12 19:05:35 | 00,109,534 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_6FEFF9B68218417F98F549.exe
[2009/05/12 19:05:35 | 00,043,646 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_BBCA226959C1D3D63C885B.exe
[2009/05/12 19:05:35 | 00,043,646 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_D707CE1C009F1381803C2C.exe
[2009/05/12 19:05:36 | 00,043,646 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_E3296CA52D73B98AE9B5F9.exe
[2009/05/12 19:05:36 | 00,029,926 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_EDC08689E679B6EDDC26F8.exe
[2009/09/28 12:24:36 | 00,010,134 | R--- | M] () -- C:\Documents and Settings\S\Application Data\Microsoft\Installer\{410C6CCD-AF5E-4B1D-AD83-800D21892814}\_5A3DFDABDD75B990A3C099.exe
[2009/09/28 10:05:03 | 00,177,024 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\FlashGot.exe
[2009/03/19 22:57:34 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:2B213EDA41E2FBA3
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15A45766
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

#4
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
There's another strange thing happening. When I try to paste the GMER log results in my reply, the CPU shoots up to 100% and Firefox freezes. This happened on each of the more than 3 occasions I tried it. Can I attach a log for GMER? The attachment editor doesn't seem to work.


MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/21/2009 9:42:04 AM
mbam-log-2009-12-21 (09-42-04).txt

Scan type: Quick Scan
Objects scanned: 100206
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: xmsev6.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\xmsev6.dll (Trojan.Vundo.H) -> Delete on reboot.

#5
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please upload the GMER log to Mediafire and post the sharing link.

#6
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi Hammerman,

Here's the gmer log link:
http://www.mediafire.com/?zzimrwjy5in

#7
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    atapi.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

#8
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi, here's the SystemLook log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 16:59 on 26/12/2009 by S (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi.sys"
C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS --a--- 95360 bytes [18:01 13/05/2009] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-

#9
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

You have a lot of security applications running and they can interfere with the tools we use. Can you disable ProcessGuard, SnoopFree, I Hate Keyloggers and WinPatrol?

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.

    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

#10
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi, I did as you asked and below are the results.

OTL.txt

OTL logfile created on: 12/27/2009 10:29:23 AM - Run 4
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 6.20 Gb Free Space | 4.16% Space Free | Partition Type: NTFS
Drive D: | 247.72 Mb Total Space | 10.81 Mb Free Space | 4.36% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\SnoopFreeSvc.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ProcessGuard\DCSUserProt.exe (DiamondCS)
PRC - C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
PRC - C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SnoopFreeSvc) -- C:\WINDOWS\system32\SnoopFreeSvc.exe ()
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (DCSPGSRV) -- C:\Program Files\ProcessGuard\dcsuserprot.exe (DiamondCS)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SnoopFree) -- C:\WINDOWS\System32\Drivers\SnopFree.sys ()
DRV - (TVICHW32) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys (Avira GmbH)
DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (Avira GmbH)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (procguard) -- C:\WINDOWS\system32\drivers\procguard.sys (DiamondCS)
DRV - (pssnap) -- C:\WINDOWS\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (NWRDR) -- C:\WINDOWS\system32\drivers\nwrdr.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (KeyScrambler) -- C:\WINDOWS\system32\drivers\keyscrambler.sys (QFX Software Corporation)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (atinrvxx) ATI WDM Rage Theater Video (Microsoft) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys (ATI Technologies Inc.)
DRV - (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys (ATI Technologies Inc.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (nvnforce) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA® nForce™ -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (ProtoWall) -- C:\WINDOWS\system32\drivers\ProtoWall.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ATIVRVXX) ATI Rage Theatre Video (ATIRTCAP) -- C:\WINDOWS\system32\drivers\atirtcap.sys ()
DRV - (ati2mpaa) -- C:\WINDOWS\system32\drivers\ati2mpaa.sys (ATI Technologies Inc.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "About.com Contests Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Surf Canyon"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e073c84a-e479-468e-a356-47d96c5ca888}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.7.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.16.1
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:1.35
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: page_info_links@francev_nikolay:0.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.9948
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.2009102801
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b065cadc-711c-4074-a257-63df8e2128d7}:0.1.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/05/11 19:09:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 08:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 05:45:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: J:\PortableApps\Thunderbird\App\Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: J:\PortableApps\Thunderbird\App\Thunderbird\plugins

[2009/04/30 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Extensions
[2009/12/26 18:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions
[2009/08/05 12:57:17 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/04 05:16:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/10/30 19:25:39 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/06/27 21:19:52 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009/05/06 20:39:11 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/07 00:02:40 | 00,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/10/15 05:33:06 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/11 05:03:09 | 00,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/06 07:29:14 | 00,000,000 | ---D | M] (Form Saver) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2009/10/27 09:59:23 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/05/06 20:39:12 | 00,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/09/22 08:13:52 | 00,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2009/11/17 19:37:27 | 00,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/15 08:18:26 | 00,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/05/06 14:20:37 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b065cadc-711c-4074-a257-63df8e2128d7}
[2009/11/20 05:18:49 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/23 11:06:15 | 00,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/06 20:39:29 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/02 05:20:20 | 00,000,000 | ---D | M] (About.com Contests Toolbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}
[2009/09/03 05:21:59 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/07 05:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/04 19:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/28 17:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/13 07:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/02 05:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/10/22 05:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/09/03 05:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/08/01 19:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/24 19:25:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\page_info_links@francev_nikolay
[2009/06/27 21:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\personas@christopher(2).beard
[2009/11/15 10:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/21 15:25:18 | 00,003,291 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\addic7ed-tv-subtitle-search.xml
[2009/08/11 22:43:04 | 00,000,898 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\conduit.xml
[2009/09/20 16:25:47 | 00,002,271 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\surf-canyon.xml
[2009/12/26 18:16:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 13:14:58 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (342967 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11784 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Copy Handler] File not found
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - - File not found
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/30 17:28:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/25 16:40:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\S\Recent
[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple Computer
[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Apple Computer
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/21 14:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/21 14:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple
[2009/12/21 14:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/21 14:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/21 09:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Malwarebytes
[2009/12/21 09:34:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 09:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/21 09:33:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 09:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/20 23:01:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/20 17:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/12/20 16:59:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/20 15:54:23 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\TFC.exe
[2009/12/20 15:53:43 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/09 19:19:04 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2009/12/07 20:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2009/12/07 20:15:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/12/07 00:30:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\CoffeeCup Software
[2009/12/07 00:30:46 | 00,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2009/09/16 16:50:44 | 07,760,687 | ---- | C] (Boraxsoft) -- C:\Documents and Settings\S\Application Data\SetupGFD.exe
[2009/09/16 16:46:18 | 04,284,535 | ---- | C] (ffdshow ) -- C:\Documents and Settings\S\Application Data\ffdshow.exe
[2009/09/16 16:45:45 | 00,642,685 | ---- | C] (Xvid team ) -- C:\Documents and Settings\S\Application Data\xvid.exe
[2009/09/16 16:43:12 | 02,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\S\Application Data\Imgburn.exe
[2009/09/16 16:37:59 | 04,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\S\Application Data\Avisynth.exe
[2009/08/13 18:47:07 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\S\Application Data\pcouffin.sys
[2009/08/10 11:50:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/22 03:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/12/27 10:29:12 | 00,326,964 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2009/12/27 10:28:47 | 00,124,532 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2009/12/27 10:17:26 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\S\ntuser.dat
[2009/12/27 10:10:04 | 01,030,850 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Meet the Stars Behind_ Alvi..pdf
[2009/12/27 10:00:19 | 00,685,314 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/27 09:49:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 09:49:41 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 22:47:04 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\S\ntuser.ini
[2009/12/25 19:03:46 | 00,000,091 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/12/23 20:24:11 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2009/12/22 22:13:11 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 22:19:20 | 00,123,904 | ---- | M] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 17:05:18 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/20 15:54:23 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\TFC.exe
[2009/12/20 15:53:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/14 14:47:14 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 19:19:24 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\S\Application Data\inst.exe
[2009/12/09 19:19:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/12/09 19:19:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\S\Application Data\pcouffin.sys
[2009/12/09 19:19:24 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\S\Application Data\pcouffin.cat
[2009/12/09 19:19:24 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\S\Application Data\pcouffin.inf
[2009/12/09 19:19:10 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\S\Desktop\DVDFab 6.lnk
[2009/12/08 16:42:23 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/08 16:42:23 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/08 16:42:23 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/07 20:14:46 | 00,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Unbox.lnk
[2009/12/07 16:39:38 | 00,153,600 | ---- | M] () -- C:\Documents and Settings\S\Application Data\SharedSettings.ccs
[2009/12/07 00:30:52 | 00,000,208 | ---- | M] () -- C:\WINDOWS\System32\xpysys.dll
[2009/12/07 00:30:49 | 00,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup Free FTP.lnk
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/27 22:13:44 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk

========== Files Created - No Company Name ==========

[2009/12/27 10:10:00 | 01,030,850 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Meet the Stars Behind_ Alvi..pdf
[2009/12/24 05:36:55 | 00,685,314 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/21 14:35:08 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 17:05:18 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/15 11:24:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/09 19:19:10 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\S\Desktop\DVDFab 6.lnk
[2009/12/07 20:14:46 | 00,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Unbox.lnk
[2009/12/07 00:36:35 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\S\Application Data\SharedSettings.ccs
[2009/12/07 00:30:52 | 00,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2009/12/07 00:30:49 | 00,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CoffeeCup Free FTP.lnk
[2009/09/28 14:37:14 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/09/28 14:37:12 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/13 18:47:28 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.log
[2009/08/13 18:47:07 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\S\Application Data\inst.exe
[2009/08/13 18:47:07 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.cat
[2009/08/13 18:47:07 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.inf
[2009/08/10 13:41:41 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/08/10 13:41:41 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/08/10 13:41:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/07/28 07:12:32 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\kodakpcd.ini
[2009/07/19 12:26:39 | 00,000,436 | -HS- | C] () -- C:\WINDOWS\System32\ss.drv
[2009/07/13 20:24:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\ch.log
[2009/06/28 18:04:44 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/06/27 22:10:57 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/16 13:21:24 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2009/06/07 11:54:57 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/17 16:31:34 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/05/17 11:23:59 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/13 19:27:27 | 00,000,091 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/10 10:28:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Application Data\AVSDVDPlayer.m3u
[2009/05/10 10:18:13 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/10 10:18:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/09 22:41:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/09 22:41:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/09 22:41:30 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009/05/06 12:24:49 | 00,209,008 | ---- | C] () -- C:\WINDOWS\System32\kbhookdll.dll
[2009/05/05 23:46:21 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/03 13:56:38 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/05/03 13:56:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/05/03 13:56:38 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/05/03 13:40:21 | 00,123,904 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 21:30:59 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2009/04/30 19:41:58 | 00,003,333 | ---- | C] () -- C:\Documents and Settings\S\Application Data\CleanUp!.log
[2009/04/30 18:17:50 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/30 10:20:27 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2009/04/30 10:20:25 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2007/11/06 12:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/10/26 14:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/01/28 14:35:54 | 00,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:2B213EDA41E2FBA3
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15A45766
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

Extras.txt

OTL Extras logfile created on: 12/27/2009 10:29:23 AM - Run 4
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 592.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 6.20 Gb Free Space | 4.16% Space Free | Partition Type: NTFS
Drive D: | 247.72 Mb Total Space | 10.81 Mb Free Space | 4.36% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: S
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe" = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer -- (Red Chair Software, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}" = MassArticleCreator
"{26A24AE4-039D-4CA4-87B4-2F83216012F0}" = Java™ 6 Update 12
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DA5F30F-7C93-49CA-BB10-5832F01D6478}_is1" = Sothink iPod Video Converter
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BAD2D97-4900-4014-A2F5-B549802CEEE2}" = Macrium Reflect - Free Edition
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{410C6CCD-AF5E-4B1D-AD83-800D21892814}" = TweakPS
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{491A2E98-1E87-4FA0-B71A-607724BDA8C0}_is1" = ProtoWall 1.42 build 5300
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHSTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.31 Final
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A98E3354-AD08-427C-A0AC-32221A3E6598}" = Active@ Partition Manager
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600155}" = MSN Messenger 6.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Impulse
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"7-Zip" = 7-Zip 4.65
"Active@ DVD Eraser v 1.1" = Active@ DVD Eraser v 1.1
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"AI RoboForm" = AI RoboForm (All Users)
"Anapod CopyGear" = Anapod CopyGear (remove only)
"Anapod Explorer" = Anapod Explorer (remove only)
"AnyDVD" = AnyDVD
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Artisteer 2" = Artisteer 2
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"BE37E547-62DF-43C8-AE6A-D03E82BC67A2_is1" = DVD slideshow GUI 0.9.2.7
"Belarc Advisor" = Belarc Advisor 7.2
"Billy_is1" = Sheep Friends - Billy 1.03
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 7.19.7.12
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Defraggler" = Defraggler
"DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVDFab 6_is1" = DVDFab 6.2.0.5 (11/11/2009)
"Fences" = Fences
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"filehippo.com" = filehippo.com Update Checker
"FilmFiler-lite_is1" = FFlite version 1.0
"Find and Run Robot_is1" = Find+Run Robot 2.67.01
"FlashGet" = FlashGet 1.9.6.1073
"FLVCodec" = PlayFLV
"FormatFactory" = FormatFactory 2.10
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.1
"Free Easy Burner_is1" = Free Easy Burner V 3.9
"Free FLV Converter_is1" = Free FLV Converter V 6.6.1
"GUI for dvdauthor" = GUI for dvdauthor 1.07
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"IsoBuster_is1" = IsoBuster 2.5
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeoKwinto" = NeoKwinto
"NFOPad" = NFOPad 1.54
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Papel_is1" = Papel 6.10.20
"PDFTools_is1" = PDFTools Version 1.2 (09/28/2006)
"PE Builder_is1" = PE Builder 3.1.10a
"PeerGuardian_is1" = PeerGuardian 2.0
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"PowerDVD" = PowerDVD
"PrimoPDF3.1" = PrimoPDF
"Q10" = Q10 Editor
"QuotePad_is1" = QuotePad 2.2
"Rainlendar2" = Rainlendar2 (remove only)
"RAR Password Cracker" = RAR Password Cracker 4.12
"Revo Uninstaller" = Revo Uninstaller 1.85
"Slice" = Slice Audio File Splitter
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stardock Impulse" = Stardock Impulse
"StatBar_is1" = StatBar 2.406
"StorYBook" = StorYBook
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Sweep!" = Sweep!
"SweepsWizard" = SweepsWizard
"The Blocklist Manager_is1" = BLM 2.7.7
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"waterMark V2" = waterMark V2
"WavePad" = WavePad Sound Editor
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Writer's Blocks" = Writer's Blocks
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMind" = XMind
"Xvid_is1" = Xvid 1.1.3 final uninstall
"XXClone" = XXClone ver 0.58.0
"ZhornStickies" = Stickies 6.7a
"Zilla PDF to TXT Converter_is1" = Zilla PDF to TXT Converter V1.0.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/21/2009 2:55:07 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:55:09 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:56:21 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:57:23 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:57:46 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:57:48 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 2:57:50 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 7:51:08 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 7:51:19 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 12/21/2009 7:51:21 PM | Computer Name = A | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 12/27/2009 2:24:30 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:25:40 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:26:18 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:28:39 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:28:41 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:30:36 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:31:46 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:31:56 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:34:02 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/27/2009 2:34:05 PM | Computer Name = A | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >
  • 0

#11
hammerman (Member, 4,183 posts)
Hi,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#12
surveyer (Topic Starter, Member, 25 posts)
ComboFix log

ComboFix 09-12-26.05 - S 12/28/2009 9:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.709 [GMT -8:00]
Running from: c:\documents and settings\S\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\S\Application Data\inst.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xpysys.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-21 22:37 . 2009-12-21 22:37 -------- d-----w- c:\documents and settings\S\Application Data\Apple Computer
2009-12-21 22:37 . 2009-12-21 22:37 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\Apple Computer
2009-12-21 22:34 . 2009-12-21 22:35 -------- d-----w- c:\program files\Safari
2009-12-21 22:34 . 2009-12-21 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-21 22:32 . 2009-12-21 22:32 -------- d-----w- c:\program files\Common Files\Apple
2009-12-21 22:31 . 2009-12-21 22:31 -------- d-----w- c:\documents and settings\S\Local Settings\Application Data\Apple
2009-12-21 22:30 . 2009-12-21 22:30 -------- d-----w- c:\program files\Apple Software Update
2009-12-21 22:30 . 2009-12-21 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-21 17:34 . 2009-12-21 17:34 -------- d-----w- c:\documents and settings\S\Application Data\Malwarebytes
2009-12-21 17:34 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 17:33 . 2009-12-21 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-21 17:33 . 2009-12-21 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 17:33 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 07:01 . 2009-12-21 07:01 -------- d-----w- c:\program files\Trend Micro
2009-12-21 01:05 . 2009-12-21 01:05 -------- d-----w- c:\program files\VS Revo Group
2009-12-20 21:10 . 2009-12-20 21:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-10 03:19 . 2009-12-10 03:19 -------- d-----w- c:\program files\DVDFab 6
2009-12-08 04:18 . 2009-12-08 04:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2009-12-08 04:15 . 2009-12-08 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
2009-12-07 08:30 . 2009-12-07 08:37 -------- d-----w- c:\documents and settings\S\Application Data\CoffeeCup Software
2009-12-07 08:30 . 2009-12-07 08:30 -------- d-----w- c:\program files\CoffeeCup Software
2009-12-02 13:20 . 2009-11-05 08:10 52224 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}\components\FFExternalAlert.dll
2009-12-02 13:20 . 2009-11-05 08:10 114688 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}\components\npmozax.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 17:41 . 2009-05-02 11:29 156620 ----a-w- c:\windows\system32\pghash.dat
2009-12-28 17:07 . 2009-05-01 04:24 -------- d-----w- c:\program files\PeerGuardian2
2009-12-28 10:05 . 2009-05-01 03:19 -------- d-----w- c:\program files\FlashGet
2009-12-28 08:57 . 2009-05-01 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-27 18:49 . 2009-05-02 11:29 326964 ----a-w- c:\windows\system32\pguard.dat
2009-12-26 01:30 . 2009-05-01 01:55 -------- d-----w- c:\documents and settings\S\Application Data\MSN6
2009-12-26 00:39 . 2009-05-01 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-25 02:49 . 2009-06-16 21:21 -------- d-----w- c:\program files\FindAndRunRobot
2009-12-24 04:24 . 2001-08-23 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-21 17:02 . 2009-11-26 23:16 -------- d-----w- c:\program files\Amazon
2009-12-21 17:02 . 2009-05-21 05:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 06:14 . 2009-05-01 03:10 -------- d-----w- c:\program files\SpywareBlaster
2009-12-11 02:19 . 2009-06-07 19:45 -------- d-----w- c:\documents and settings\S\Application Data\dvdcss
2009-12-10 03:19 . 2009-08-14 02:47 -------- d-----w- c:\documents and settings\S\Application Data\Vso
2009-12-10 03:19 . 2009-08-14 02:47 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-10 03:19 . 2009-08-14 02:47 47360 ----a-w- c:\documents and settings\S\Application Data\pcouffin.sys
2009-12-10 03:19 . 2009-08-14 02:47 47360 ----a-w- c:\documents and settings\S\Application Data\pcouffin.sys
2009-12-08 18:23 . 2009-05-01 03:41 -------- d-----w- c:\program files\CleanUp!
2009-12-06 18:16 . 2009-05-13 20:56 -------- d-----w- c:\program files\Free Easy Burner
2009-11-28 06:13 . 2009-08-06 04:01 -------- d-----w- c:\program files\Paint.NET
2009-11-27 00:34 . 2009-11-26 23:17 -------- d-----w- c:\documents and settings\S\Application Data\Amazon
2009-11-19 04:18 . 2009-11-19 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-11-19 04:15 . 2009-11-19 04:15 -------- d-----w- c:\documents and settings\S\Application Data\GlobalSCAPE
2009-11-19 04:14 . 2009-11-19 04:14 -------- d-----w- c:\program files\GlobalSCAPE
2009-11-19 03:44 . 2009-11-03 00:16 -------- d-----w- c:\documents and settings\S\Application Data\CoreFTP
2009-11-17 23:46 . 2009-06-07 02:28 -------- d-----w- c:\program files\Advanced Pdf Tool Free
2009-11-15 23:03 . 2009-11-15 23:02 -------- d-----w- c:\program files\EasyPHP5.3.0
2009-11-08 06:17 . 2009-08-04 18:16 -------- d-----w- c:\documents and settings\S\Application Data\stickies
2009-11-06 15:27 . 2009-05-20 21:50 -------- d-----w- c:\program files\Sweep
2009-11-06 05:16 . 2009-11-06 05:16 73728 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-02 20:31 . 2009-11-02 20:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-29 07:45 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-26 17:21 . 2009-10-27 17:59 94208 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
2009-10-26 17:21 . 2009-10-27 17:59 50176 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
2009-10-21 05:38 . 2009-05-10 03:17 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2009-05-10 03:17 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 19:13 . 2009-05-02 05:49 19560 ----a-w- c:\documents and settings\S\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2009-05-10 03:17 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-14 00:12 . 2009-10-14 00:12 355574 ----a-r- c:\documents and settings\S\Application Data\Microsoft\Installer\{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}\_7BAE06742266F3ED1073C2.exe
2009-10-14 00:12 . 2009-10-14 00:12 355574 ----a-r- c:\documents and settings\S\Application Data\Microsoft\Installer\{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}\_244C619FB12F34EE37CA9F.exe
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 17:31 . 2009-10-31 03:25 3204096 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-10-08 01:06 . 2009-10-31 03:25 106496 ----a-w- c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-10-05 23:40 . 2009-10-05 23:40 77824 ----a-w- c:\documents and settings\S\Application Data\XMind\configuration-cathy\org.eclipse.osgi\bundles\153\1\.cp\swt-gdip-win32-3449.dll
2009-10-05 23:40 . 2009-10-05 23:40 335872 ----a-w- c:\documents and settings\S\Application Data\XMind\configuration-cathy\org.eclipse.osgi\bundles\153\1\.cp\swt-win32-3449.dll
2009-10-05 22:27 . 2009-07-19 20:26 436 --sha-w- c:\windows\system32\ss.drv
2009-10-02 17:59 . 2009-11-02 20:31 3254528 -c--a-w- c:\documents and settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"StatBar"="c:\program files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"I-Hate-Keyloggers"="c:\documents and settings\S\My Documents\i-hate-keyloggers.exe" [2006-07-17 195584]
"!1_ProcessGuard_Startup"="c:\program files\ProcessGuard\procguard.exe" [2008-07-25 267287]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"!1_pgaccount"="c:\program files\ProcessGuard\pgaccount.exe" [2008-07-25 120832]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-15 2374464]
"WinPatrol [FREE Edition]"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 16:07 337216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicKey.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicKey.lnk
backup=c:\windows\pss\MagicKey.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [5/1/2009 6:10 PM 22360]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 7:32 AM 15328]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [5/1/2009 6:10 PM 45416]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/1/2009 9:23 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/1/2009 9:21 PM 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/1/2009 6:10 PM 108289]
R2 DCSPGSRV;DiamondCS ProcessGuard Service v3.500;c:\program files\ProcessGuard\DCSUserProt.exe [5/1/2009 9:55 PM 31744]
R2 procguard;procguard;c:\windows\system32\drivers\procguard.sys [5/1/2009 9:55 PM 26688]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/1/2009 9:21 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/1/2009 9:23 PM 257432]
R3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\ProtoWall.sys [1/28/2004 2:35 PM 21376]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [8/6/2008 10:34 AM 216032]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [4/30/2009 10:20 AM 49920]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [7/31/2009 10:34 PM 113896]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2318762&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - component: c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayAccessComponent.dll
FF - component: c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\ebayShortcutMaker.dll
FF - component: c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\S\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Copy Handler - (no file)
AddRemove-FoxyTunesForFirefox - j:\portableapps\Firefox\App\firefox\firefox.exe
AddRemove-Mozilla Thunderbird (2.0.0.23) - j:\portableapps\Thunderbird\App\Thunderbird\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 09:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
!1_pgaccount = "c:\program files\ProcessGuard\pgaccount.exe"???????????~???~???????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
StatBar = c:\program files\Globe Software\StatBar\StatBar.exe??????

scanning hidden files ...


c:\windows\$hf_mig$
c:\windows\$MSI31Uninstall_KB893803v2$
c:\windows\msdfmap.ini 1405 bytes
c:\windows\mui
c:\windows\network diagnostic
c:\windows\NIRCMD.exe 31232 bytes executable
c:\windows\notepad.exe 69120 bytes executable
c:\windows\nsreg.dat 0 bytes
c:\windows\ODBCINST.INI 4161 bytes
c:\windows\Offline Web Pages
c:\windows\Papel.ini 109 bytes
c:\windows\PCHEALTH
c:\windows\pdf995.ini 28 bytes
c:\windows\peernet
c:\windows\PEV.exe 261632 bytes executable
c:\windows\Prairie Wind.bmp 65954 bytes
c:\windows\Prefetch
c:\windows\PrimoPDF
c:\windows\primopdf.ini 310 bytes
c:\windows\provisioning
c:\windows\pss
c:\windows\regedit.exe 146432 bytes executable
c:\windows\RegisteredPackages
c:\windows\Registration
c:\windows\sed.exe 98816 bytes executable
c:\windows\ServicePackFiles
c:\windows\setupapi.log 3582 bytes
c:\windows\slrundll.exe 32866 bytes executable
c:\windows\SnoopFreeDll.dll 45056 bytes executable
c:\windows\SnoopFreeUI.exe 221184 bytes executable
c:\windows\Soap Bubbles.bmp 65978 bytes
c:\windows\SoftwareDistribution
c:\windows\ERDNT
c:\windows\explorer.exe 1033728 bytes executable
c:\windows\explorer.scf 80 bytes
c:\windows\FeatherTexture.bmp 16730 bytes
c:\windows\Fonts
c:\windows\Gone Fishing.bmp 17336 bytes
c:\windows\GPInstall.exe 796672 bytes executable
c:\windows\Greenstone.bmp 26582 bytes
c:\windows\grep.exe 80412 bytes executable
c:\windows\Help
c:\windows\hh.exe 10752 bytes executable
c:\windows\ie8
c:\windows\ie8updates
c:\windows\IfoEdit.INI 107 bytes
c:\windows\ime
c:\windows\inf
c:\windows\install.dat 164 bytes
c:\windows\REGLOCS.OLD 8192 bytes
c:\windows\repair
c:\windows\Resources
c:\windows\Rhododendron.bmp 17362 bytes
c:\windows\River Sumida.bmp 26680 bytes
c:\windows\Santa Fe Stucco.bmp 65832 bytes
c:\windows\SchedLgU.Txt 32620 bytes
c:\windows\vbaddin.ini 37 bytes
c:\windows\vmmreg32.dll 18944 bytes executable
c:\windows\WB3USER.INI 0 bytes
c:\windows\WBEM
c:\windows\WBLOCKSP.INI 362 bytes
c:\windows\Web
c:\windows\wiadebug.log 159 bytes
c:\windows\wiaservc.log 50 bytes
c:\windows\win.ini 533 bytes
c:\windows\WindowsShell.Manifest 749 bytes
c:\windows\WindowsUpdate.log 1568998 bytes
c:\windows\winhelp.exe 256192 bytes
c:\windows\winhlp32.exe 283648 bytes executable
c:\windows\winnt.bmp 48680 bytes
c:\windows\winnt256.bmp 48680 bytes
c:\windows\WinSxS
c:\windows\WMSysPr8.prx 156910 bytes
c:\windows\WMSysPr9.prx 316640 bytes
c:\windows\WMSysPrx.prx 299552 bytes
c:\windows\wpd99.drv 60 bytes
c:\windows\xxclone.ini 511 bytes
c:\windows\Zapotec.bmp 9522 bytes
c:\windows\zip.exe 68096 bytes executable
c:\windows\_default.pif 707 bytes
c:\windows\$NtUninstallKB950974_0$
c:\windows\$NtUninstallKB954600$
c:\windows\$NtUninstallKB958687_0$
c:\windows\$NtUninstallKB967715$
c:\windows\$NtUninstallKB973815$
c:\windows\EHome
c:\windows\Installer
c:\windows\java
c:\windows\msapps
c:\windows\security
c:\windows\vb.ini 36 bytes
c:\windows\is-1OC3J.exe 775168 bytes executable
c:\windows\is-1OC3J.lst 238 bytes
c:\windows\is-1OC3J.msg 10194 bytes
c:\windows\is-1TDCL.exe 680960 bytes executable
c:\windows\is-1TDCL.lst 980 bytes
c:\windows\is-1TDCL.msg 10453 bytes
c:\windows\IsUninst.exe 306688 bytes executable
c:\windows\bootstat.dat 2048 bytes
c:\windows\clock.avi 82944 bytes
c:\windows\Coffee Bean.bmp 17062 bytes
c:\windows\Config
c:\windows\Connection Wizard
c:\windows\control.ini 0 bytes
c:\windows\Cursors
c:\windows\Debug
c:\windows\desktop.ini 2 bytes
c:\windows\Downloaded Installations
c:\windows\Downloaded Program Files
c:\windows\Driver Cache
c:\windows\$NtUninstallKB951066$
c:\windows\$NtUninstallKB951066_0$
c:\windows\$NtUninstallKB951376-v2$
c:\windows\$NtUninstallKB951376-v2_0$
c:\windows\$NtUninstallKB951748$
c:\windows\$NtUninstallKB951748_0$
c:\windows\$NtUninstallKB951978$
c:\windows\$NtUninstallKB952004$
c:\windows\$NtUninstallKB952004_0$
c:\windows\$NtUninstallKB952069_WM9$
c:\windows\$NtUninstallKB952287$
c:\windows\$NtUninstallKB952287_0$
c:\windows\$NtUninstallKB952954$
c:\windows\$NtUninstallKB952954_0$
c:\windows\$NtUninstallKB954154_WM11$
c:\windows\$NtUninstallKB954155_WM9$
c:\windows\$NtUninstallKB954459$
c:\windows\$NtUninstallKB967715_0$
c:\windows\$NtUninstallKB968389$
c:\windows\$NtUninstallKB968537$
c:\windows\$NtUninstallKB968816_WM9$
c:\windows\$NtUninstallKB969059$
c:\windows\$NtUninstallKB969898$
c:\windows\$NtUninstallKB969947$
c:\windows\$NtUninstallKB970238$
c:\windows\$NtUninstallKB970430$
c:\windows\$NtUninstallKB970653-v3$
c:\windows\$NtUninstallKB971486$
c:\windows\$NtUninstallKB971557$
c:\windows\$NtUninstallKB971633$
c:\windows\$NtUninstallKB971657$
c:\windows\$NtUninstallKB971737$
c:\windows\$NtUninstallKB973346$
c:\windows\$NtUninstallKB973354$
c:\windows\$NtUninstallKB973507$
c:\windows\$NtUninstallKB973525$
c:\windows\$NtUninstallKB973540_WM9$
c:\windows\$NtUninstallKB973687$
c:\windows\srchasst
c:\windows\Sti_Trace.log 0 bytes
c:\windows\Sun
c:\windows\SWREG.exe 161792 bytes executable
c:\windows\SWSC.exe 136704 bytes executable
c:\windows\SWXCACLS.exe 212480 bytes executable
c:\windows\SxsCaPendDel
c:\windows\system.ini 250 bytes
c:\windows\system32
c:\windows\TSKMAN.EXE 15360 bytes executable
c:\windows\Tasks
c:\windows\Temp
c:\windows\Thumbs.db 7168 bytes
c:\windows\transp.gif 49 bytes
c:\windows\twain.dll 94784 bytes
c:\windows\twain_32
c:\windows\twain_32.dll 50688 bytes executable
c:\windows\twunk_16.exe 49680 bytes
c:\windows\twunk_32.exe 25600 bytes executable
c:\windows\uninst.exe 299520 bytes executable
c:\windows\uninstallstickies.bat 489 bytes
c:\windows\v2d.INI 28 bytes
c:\windows\$NtUninstallKB958690$
c:\windows\$NtUninstallKB958690_0$
c:\windows\$NtUninstallKB958869$
c:\windows\$NtUninstallKB959426$
c:\windows\$NtUninstallKB959426_0$
c:\windows\$NtUninstallKB960225$
c:\windows\$NtUninstallKB960225_0$
c:\windows\$NtUninstallKB960715$
c:\windows\$NtUninstallKB960803$
c:\windows\$NtUninstallKB960803_0$
c:\windows\$NtUninstallKB960859$
c:\windows\$NtUninstallKB961118$
c:\windows\$NtUninstallKB961371$
c:\windows\$NtUninstallKB961373$
c:\windows\$NtUninstallKB961373_0$
c:\windows\$NtUninstallKB961501$
c:\windows\$NtUninstallKB963027$
c:\windows\$NtUninstallKB963027_0$
c:\windows\$NtServicePackUninstall$
c:\windows\$NtUninstallKB898461$
c:\windows\$NtUninstallKB923561$
c:\windows\$NtUninstallKB923561_0$
c:\windows\$NtUninstallKB929399$
c:\windows\$NtUninstallKB932716-v2$
c:\windows\$NtUninstallKB938464-v2$
c:\windows\$NtUninstallKB938464-v2_0$
c:\windows\$NtUninstallKB939209$
c:\windows\$NtUninstallKB939683$
c:\windows\$NtUninstallKB941569$
c:\windows\$NtUninstallKB944338-v2$
c:\windows\$NtUninstallKB945060-v3$
c:\windows\$NtUninstallKB946648$
c:\windows\$NtUninstallKB946648_0$
c:\windows\$NtUninstallKB950760$
c:\windows\$NtUninstallKB950762$
c:\windows\$NtUninstallKB950762_0$
c:\windows\$NtUninstallKB950974$
c:\windows\l2schemas
c:\windows\MBR.exe 77312 bytes executable
c:\windows\Media
c:\windows\Microsoft.NET
c:\windows\Minidump
c:\windows\msagent
c:\windows\$NtUninstallKB954600_0$
c:\windows\$NtUninstallKB955069$
c:\windows\$NtUninstallKB955069_0$
c:\windows\$NtUninstallKB955839$
c:\windows\$NtUninstallKB956572$
c:\windows\$NtUninstallKB956572_0$
c:\windows\$NtUninstallKB956744$
c:\windows\$NtUninstallKB956802$
c:\windows\$NtUninstallKB956802_0$
c:\windows\$NtUninstallKB956803$
c:\windows\$NtUninstallKB956803_0$
c:\windows\$NtUninstallKB956844$
c:\windows\$NtUninstallKB957097$
c:\windows\$NtUninstallKB957097_0$
c:\windows\$NtUninstallKB958644$
c:\windows\$NtUninstallKB958644_0$
c:\windows\$NtUninstallKB958687$
c:\windows\$NtUninstallKB973869$
c:\windows\$NtUninstallKB973904$
c:\windows\$NtUninstallKB974112$
c:\windows\$NtUninstallKB974318$
c:\windows\$NtUninstallKB974392$
c:\windows\$NtUninstallKB974571$
c:\windows\$NtUninstallKB975025$
c:\windows\$NtUninstallKB975467$
c:\windows\$NtUninstallKB976098-v2$
c:\windows\$NtUninstallMSCompPackV1$
c:\windows\$NtUninstallWMFDist11$
c:\windows\$NtUninstallwmp11$
c:\windows\$NtUninstallWudf01000$
c:\windows\0.log 0 bytes
c:\windows\addins
c:\windows\apdfpr.ini 278 bytes
c:\windows\AppPatch
c:\windows\assembly
c:\windows\AviSplitter.INI 38 bytes
c:\windows\Blue Lace 16.bmp 1272 bytes

scan completed successfully
hidden files: 250

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\SnoopFreeSvc.exe
c:\windows\SnoopFreeUI.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-28 09:45:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-28 17:45

Pre-Run: 5,983,666,176 bytes free
Post-Run: 5,870,239,744 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8DD15EC0B45751546D08D01B5FA1DC3A
  • 0

#13
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
Some initial observations after running combofix:
-not getting immediate 100% CPU spike anymore after system reboots/restarts
-6 svchost.exe processes still showing up, is this normal or would additional cleanup be needed?
-first search result from google not being redirected (yay!)
-WinPatrol detected a change in the HOSTS file, should this be accepted?
  • 0

#14
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Accept the change in the hosts file.
Multiple svchost.exe processes are normal.
Do you know which application is causing all the Windows files/folders to be hidden?

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.
  • 0

#15
surveyer

    Member

  • Topic Starter
  • Member
  • 25 posts
Hi Hammerman. Below is the OTL report.

OTL.txt

OTL logfile created on: 12/28/2009 12:50:55 PM - Run 5
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\S\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 645.00 Mb Available Physical Memory | 63.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 5.50 Gb Free Space | 3.69% Space Free | Partition Type: NTFS
Drive D: | 247.72 Mb Total Space | 10.81 Mb Free Space | 4.36% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 0.53 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.73 Gb Total Space | 1.85 Gb Free Space | 49.58% Space Free | Partition Type: FAT32

Computer Name: A
Current User Name: S
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
PRC - C:\WINDOWS\system32\SnoopFreeSvc.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ProcessGuard\DCSUserProt.exe (DiamondCS)
PRC - C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\S\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\SnoopFreeDll.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WebrootSpySweeperService) -- File not found
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SnoopFreeSvc) -- C:\WINDOWS\system32\SnoopFreeSvc.exe ()
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (DCSPGSRV) -- C:\Program Files\ProcessGuard\dcsuserprot.exe (DiamondCS)
SRV - (NWCWorkstation) -- C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "About.com Contests Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {e073c84a-e479-468e-a356-47d96c5ca888}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.4
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.7.4
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.16.1
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:1.35
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.3.1
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: page_info_links@francev_nikolay:0.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.9948
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.2009102801
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b065cadc-711c-4074-a257-63df8e2128d7}:0.1.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/05/11 19:09:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/10 08:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/30 05:45:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: J:\PortableApps\Thunderbird\App\Thunderbird\components [2009/07/19 18:20:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: J:\PortableApps\Thunderbird\App\Thunderbird\plugins [2009/09/01 13:11:44 | 00,000,000 | ---D | M]

[2009/04/30 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Extensions
[2009/12/27 18:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions
[2009/08/05 12:57:17 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/04 05:16:35 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/10/30 19:25:39 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/06/27 21:19:52 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2009/05/06 20:39:11 | 00,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2009/11/07 00:02:40 | 00,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/10/15 05:33:06 | 00,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/11/11 05:03:09 | 00,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/06 07:29:14 | 00,000,000 | ---D | M] (Form Saver) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2009/10/27 09:59:23 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009/05/06 20:39:12 | 00,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009/09/22 08:13:52 | 00,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2009/11/17 19:37:27 | 00,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/15 08:18:26 | 00,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2009/05/06 14:20:37 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b065cadc-711c-4074-a257-63df8e2128d7}
[2009/11/20 05:18:49 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/13 08:23:37 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/23 11:06:15 | 00,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/06 20:39:29 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/12/02 05:20:20 | 00,000,000 | ---D | M] (About.com Contests Toolbar) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{e073c84a-e479-468e-a356-47d96c5ca888}
[2009/09/03 05:21:59 | 00,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/07 05:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/04 19:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/28 17:07:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/10 17:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/13 07:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/02 05:20:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/10/22 05:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/09/03 05:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/08/01 19:13:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/24 19:25:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\page_info_links@francev_nikolay
[2009/06/27 21:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\personas@christopher(2).beard
[2009/11/15 10:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/05/06 13:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/11/06 07:29:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\extensions\[email protected]
[2009/12/21 15:25:18 | 00,003,291 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\addic7ed-tv-subtitle-search.xml
[2009/08/11 22:43:04 | 00,000,898 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\conduit.xml
[2009/09/20 16:25:47 | 00,002,271 | ---- | M] () -- C:\Documents and Settings\S\Application Data\Mozilla\Firefox\Profiles\dw624khd.default\searchplugins\surf-canyon.xml
[2009/12/27 18:29:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 13:14:58 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WinPatrol [FREE Edition]] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKCU..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\S\My Documents\i-hate-keyloggers.exe (DewaSoft)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - - File not found
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/30 17:28:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/19 23:51:04 | 00,000,107 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{dab77db2-74c5-11de-b1ec-806d6172696f}\Shell\AutoRun\command - "" = J:\StartPortableApps.exe -- [2009/03/10 23:31:48 | 00,089,280 | ---- | M] (PortableApps.com)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 09:18:28 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/28 09:08:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/25 16:40:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\S\Recent
[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple Computer
[2009/12/21 14:37:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Apple Computer
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/12/21 14:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/21 14:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/21 14:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Local Settings\Application Data\Apple
[2009/12/21 14:30:38 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/21 14:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/21 09:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\S\Application Data\Malwarebytes
[2009/12/21 09:34:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 09:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/21 09:33:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 09:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/20 23:01:43 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/20 17:05:17 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/12/20 16:59:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/12/20 15:54:23 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\TFC.exe
[2009/12/20 15:53:43 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/07 20:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2009/09/16 16:50:44 | 07,760,687 | ---- | C] (Boraxsoft) -- C:\Documents and Settings\S\Application Data\SetupGFD.exe
[2009/09/16 16:46:18 | 04,284,535 | ---- | C] (ffdshow ) -- C:\Documents and Settings\S\Application Data\ffdshow.exe
[2009/09/16 16:45:45 | 00,642,685 | ---- | C] (Xvid team ) -- C:\Documents and Settings\S\Application Data\xvid.exe
[2009/09/16 16:43:12 | 02,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\S\Application Data\Imgburn.exe
[2009/09/16 16:37:59 | 04,182,178 | ---- | C] (The Public) -- C:\Documents and Settings\S\Application Data\Avisynth.exe
[2009/08/13 18:47:07 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\S\Application Data\pcouffin.sys
[2009/08/10 11:50:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/22 03:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/30 17:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2009/12/28 12:50:31 | 00,155,092 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2009/12/28 11:33:09 | 00,000,091 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/12/28 11:32:06 | 10,485,760 | ---- | M] () -- C:\Documents and Settings\S\ntuser.dat
[2009/12/28 10:28:46 | 00,888,440 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/28 09:36:28 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/28 09:36:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 09:36:16 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 09:35:12 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\S\ntuser.ini
[2009/12/28 09:18:35 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/27 16:00:39 | 00,123,904 | ---- | M] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 14:01:34 | 03,867,118 | R--- | M] () -- C:\Documents and Settings\S\Desktop\ComboFix.exe
[2009/12/27 10:49:25 | 00,326,964 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2009/12/27 10:49:04 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/27 10:49:04 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/27 10:49:04 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/22 22:13:11 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 17:05:18 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/20 15:54:23 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\TFC.exe
[2009/12/20 15:53:43 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S\Desktop\OTL.exe
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/14 14:47:14 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2009/12/28 09:18:35 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/28 09:18:30 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/27 14:01:34 | 03,867,118 | R--- | C] () -- C:\Documents and Settings\S\Desktop\ComboFix.exe
[2009/12/24 05:36:55 | 00,888,440 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Redirection Of Search Resul..pdf
[2009/12/21 14:35:08 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/12/21 09:34:15 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 23:01:44 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\S\Desktop\HijackThis.lnk
[2009/12/20 17:05:18 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\S\Desktop\Revo Uninstaller.lnk
[2009/12/15 11:24:48 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\S\Desktop\gmer.exe
[2009/12/07 00:36:35 | 00,153,600 | ---- | C] () -- C:\Documents and Settings\S\Application Data\SharedSettings.ccs
[2009/09/28 14:37:14 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009/09/28 14:37:12 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/13 18:47:28 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.log
[2009/08/13 18:47:07 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.cat
[2009/08/13 18:47:07 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\S\Application Data\pcouffin.inf
[2009/08/10 13:41:41 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2009/08/10 13:41:41 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2009/08/10 13:41:41 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2009/07/28 07:12:32 | 00,000,022 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\kodakpcd.ini
[2009/07/19 12:26:39 | 00,000,436 | -HS- | C] () -- C:\WINDOWS\System32\ss.drv
[2009/07/13 20:24:20 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\ch.log
[2009/06/28 18:04:44 | 00,000,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/06/27 22:10:57 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/06/16 13:21:24 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2009/06/07 11:54:57 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/17 16:31:34 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/05/17 11:23:59 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/05/13 19:27:27 | 00,000,091 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/10 10:28:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\S\Application Data\AVSDVDPlayer.m3u
[2009/05/10 10:18:13 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/10 10:18:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/05/09 22:41:32 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/09 22:41:32 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/09 22:41:30 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009/05/06 12:24:49 | 00,209,008 | ---- | C] () -- C:\WINDOWS\System32\kbhookdll.dll
[2009/05/05 23:46:21 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/03 13:56:38 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/05/03 13:56:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/05/03 13:56:38 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/05/03 13:40:21 | 00,123,904 | ---- | C] () -- C:\Documents and Settings\S\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 21:30:59 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2009/04/30 19:41:58 | 00,003,333 | ---- | C] () -- C:\Documents and Settings\S\Application Data\CleanUp!.log
[2009/04/30 18:17:50 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/04/30 10:20:27 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2009/04/30 10:20:25 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2004/10/26 14:39:05 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/01/28 14:35:54 | 00,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys

========== LOP Check ==========

[2009/05/01 21:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/12/07 20:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/06/16 13:21:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2009/11/18 20:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/05/12 19:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2009/04/30 17:39:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2009/06/08 21:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/06/27 22:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/11 19:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/05/13 12:21:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/09/02 05:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2009/12/28 00:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/21 05:57:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/09/02 05:39:48 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
[2009/11/02 12:31:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2009/11/26 16:34:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Amazon
[2009/10/22 19:30:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Artisteer
[2009/05/05 21:04:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Broad Intelligence
[2009/12/07 00:37:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CoffeeCup Software
[2009/07/19 14:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CopyTrans
[2009/07/19 18:56:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CopyTransDoctor
[2009/11/18 19:44:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\CoreFTP
[2009/06/08 19:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\COWON
[2009/06/16 13:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\DonationCoder
[2009/09/16 17:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\FFRend
[2009/08/16 13:30:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\FireShot
[2009/05/17 11:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Foxit
[2009/05/05 22:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\GetRightToGo
[2009/11/18 20:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\GlobalSCAPE
[2009/07/19 16:50:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\iCloner
[2009/07/26 22:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\ImgBurn
[2009/09/28 16:03:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Jarte
[2009/07/05 19:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Launchy
[2009/05/08 19:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\MSNInstaller
[2009/06/08 21:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\NCH Swift Sound
[2009/09/28 12:42:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Netscape
[2009/09/21 14:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Notepad++
[2009/05/23 19:43:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\pdf995
[2009/09/28 12:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Photodex
[2009/08/31 20:17:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\QuotePad
[2009/05/03 19:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Red Chair Software
[2009/07/19 23:36:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\SharePod
[2009/07/28 07:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Skinux
[2009/09/20 18:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\SourceTec
[2009/09/02 05:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Stardock
[2009/11/07 22:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\stickies
[2009/08/31 20:16:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Thunderbird
[2009/07/14 16:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\TrueCrypt
[2009/12/09 19:19:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\Vso
[2009/07/19 14:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\WindSolutions
[2009/04/30 19:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\WinPatrol
[2009/10/05 15:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\S\Application Data\XMind

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15A45766
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

Unfortunately, I have no idea what application is causing the hidden files/folders.