
Unknown Infection [Closed]



#1
voodookitten

When I have Firefox open, the browser will spontaneously open a new tab, usually to some site that says I am the winner of the day or some shopping thing. Sometimes it will open them on its own even if I am not at the computer; other times it seems triggered by a site I am on, such as eBay or Facebook. It is not pop-up windows or anything, though; it is actually opening these in a new tab.

I have gone through your entire Malware and Spyware Cleaning Guide and completed each step. I also have RUBotted, which pops up a report every day. When it does, I go to HouseCall and do a scan. Sometimes HouseCall detects something, which I fix; sometimes it says there is nothing wrong. I have also run AVG, which usually detects a couple of things, and I fix them.

It keeps coming back though no matter how many times I scan it and "fix" it.

Here are all my logs. I have to work this afternoon, so if you need anything else or a response from me, it will be when I get home tonight. Thank you for your help!!!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4189

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/11/2010 11:47:08 AM
mbam-log-2010-06-11 (11-47-08).txt

Scan type: Quick scan
Objects scanned: 115266
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-11 12:06:59
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Debbie\LOCALS~1\Temp\fftiqaow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_Remove] [773E54F2] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!InitCommonControlsEx] [773D407E] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_Destroy] [773E5084] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_SetOverlayImage] [773E525B] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_AddMasked] [773E52EE] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_Create] [773E92D5] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_GetIcon] [773E5537] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!ImageList_ReplaceIcon] [773E518D] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!PropertySheetW] [773DCFC2] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!CreatePropertySheetPageW] [773D7ED3] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\System32\mstask.dll [COMCTL32.dll!DestroyPropertySheetPage] [773D7B54] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!PropertySheetW] [773DCFC2] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreatePropertySheetPageW] [773D7ED3] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!InitCommonControlsEx] [773D407E] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_GetIconSize] [773E55D0] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Destroy] [773E5084] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Draw] [773E53CD] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Google\Update\GoogleUpdate.exe[700] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreateToolbarEx] [7744424E] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\MSGINA.dll [COMCTL32.dll!InitCommonControlsEx] [5D093439] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!ImageList_Create] [5D09BB5B] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!ImageList_ReplaceIcon] [5D09D440] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!PropertySheetW] [5D0C8738] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\ODBC32.dll [COMCTL32.dll!PropertySheetA] [5D0C8750] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!PropertySheetW] [5D0C8738] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C3447] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!InitCommonControlsEx] [5D093439] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_GetIconSize] [5D0B0B2E] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Draw] [5D0A91C9] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[932] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreateToolbarEx] [5D0A9B21] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\rastls.dll [COMCTL32.dll!InitCommonControlsEx] [5D093439] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASAPI32.dll [TAPI32.dll!lineGetTranslateCapsW] [76ECFB58] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASAPI32.dll [TAPI32.dll!lineGetCountryW] [76EB88E6] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASAPI32.dll [TAPI32.dll!lineTranslateAddressW] [76ECFFAA] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineTranslateDialogW] [76ECE8A5] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineSetCurrentLocation] [76ECEA17] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!LOpenDialAsst] [76EB423F] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineGetCountryW] [76EB88E6] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineGetTranslateCapsW] [76ECFB58] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineConfigDialogW] [76EBFBF6] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\System32\RASDLG.dll [TAPI32.dll!lineTranslateAddressW] [76ECFFAA] C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!PropertySheetW] [5D0C8738] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C3447] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!InitCommonControlsEx] [5D093439] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_GetIconSize] [5D0B0B2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Draw] [5D0A91C9] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1328] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!CreateToolbarEx] [5D0A9B21] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!PropertySheetW] [773DCFC2] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!CreatePropertySheetPageW] [773D7ED3] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!InitCommonControlsEx] [773D407E] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_GetIconSize] [773E55D0] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Destroy] [773E5084] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!ImageList_Draw] [773E53CD] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\COMDLG32.dll [COMCTL32.dll!CreateToolbarEx] [7744424E] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\RASAPI32.DLL [TAPI32.dll!lineGetTranslateCapsW] [76ECFB58] C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\RASAPI32.DLL [TAPI32.dll!lineGetCountryW] [76EB88E6] C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1560] @ C:\WINDOWS\system32\RASAPI32.DLL [TAPI32.dll!lineTranslateAddressW] [76ECFFAA] C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C3447] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [COMCTL32.dll!DestroyPropertySheetPage] [5D0C316C] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Read] [5D0D3B81] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Write] [5D0D2913] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Create] [5D09BB5B] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_LoadImageA] [5D0D45A5] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Merge] [5D0D2B57] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!PropertySheetA] [5D0C8750] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!DestroyPropertySheetPage] [5D0C316C] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!CreatePropertySheetPageA] [5D0C3461] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Duplicate] [5D0D28CE] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_DrawIndirect] [5D09CF20] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_Draw] [5D0A91C9] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\System32\nvcpl.dll [COMCTL32.dll!ImageList_GetImageInfo] [5D0D2B0F] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!PropertySheetW] [5D0C8738] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreatePropertySheetPageW] [5D0C3447] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!InitCommonControlsEx] [5D093439] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_GetIconSize] [5D0B0B2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!ImageList_Draw] [5D0A91C9] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1920] @ C:\WINDOWS\system32\comdlg32.dll [COMCTL32.dll!CreateToolbarEx] [5D0A9B21] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\LEXBCES.EXE[1928] @ C:\WINDOWS\system32\lexp2p32.dll [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation)
IAT C:\WINDOWS\system32\spoolsv.exe[2000] @ C:\WINDOWS\system32\LEXLMPM.DLL [COMCTL32.dll!ImageList_Destroy] [5D09BD2E] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)

Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000032 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000032 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000025
Device \Device\00000019
Device \Driver\PnpManager \Device\00000033 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000033 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000026
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000034 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000034 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000027
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Fips \Device\Fips Fips.SYS (FIPS Crypto Driver/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000041 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000035
Device \Device\00000028
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video1
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000042 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000036
Device \Device\00000029
Device \Device\Video2
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 serial.sys (Serial Device Driver/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000037 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000037 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\RdpDrDvMgr
Device \Driver\ACPI \Device\00000050 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000043 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000000a
Device \Device\Video3
Device \Device\PointerClass1
Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000038 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000038 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\{2D0AEAEF-3B7D-4B20-A17D-03E2AE6D11F4}
Device \Device\Processor
Device \Driver\ACPI \Device\00000051 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000044
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TMPassthruMP \Device\TMPassthru NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmIoDaemon dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmIoDaemon ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmConfig dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmConfig ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmPnP dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmPnP ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmInfo dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmInfo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\i
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-2 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\nvatabus \Device\00000060 nvatabus.sys (NVIDIA® nForce™ IDE Performance Driver/NVIDIA Corporation)
Device \Driver\usbscan \Device\Usbscan0 usbscan.sys (USB Scanner Driver/Microsoft Corporation)
Device \Driver\usbscan \Device\Usbscan0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000054 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0001 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-4 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Driver\ACPI \Device\00000061 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000055 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000048 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{63F3BD42-54D3-476F-BC34-48ED7C4DDC45} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{63F3BD42-54D3-476F-BC34-48ED7C4DDC45} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\avgntdd \Device\AVGNTDD avgntdd.sys (Avira AntiVir File Filter Driver/Avira GmbH)
Device \FileSystem\avgntdd \Device\AVGNTDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\TMPassthruMP \Device\{714CB8F5-645E-4AF2-AE43-DA1A47482CD4} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000062 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000056 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000063 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\BIOS \Device\BIOS BIOS.sys (I/O Interface driver file/BIOSTAR Group)
Device \Driver\BIOS \Device\BIOS ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0006 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000065 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000065 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Parport \Device\Parallel0 parport.sys (Parallel Port Driver/Microsoft Corporation)
Device \Driver\Parport \Device\Parallel0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000066 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000066 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003a hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nvnetbus \Device\00000067 nvnetbus.sys (NVIDIA Networking Bus Driver./NVIDIA Corporation)
Device \Driver\nvnetbus \Device\00000067 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000068 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000068 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0009 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\fftiqaow \Device\fftiqaow fftiqaow.sys
Device \Driver\fftiqaow \Device\fftiqaow ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{A472A7FA-7F0B-4707-BF4D-F66DE9CB38F3} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ssmdrv \Device\ssmctl ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\ssmdrv \Device\ssmctl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\0000005c isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\0000005c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x1fff580a00+1
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\cpuz133 \Device\cpuz133 cpuz133_x32.sys (CPUID Driver/Windows ® Win 7 DDK provider)
Device \Driver\cpuz133 \Device\cpuz133 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{39B07429-089A-4FC7-9DF3-EC2E25606C3D} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ptilink \Device\ParTechInc0 ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)
Device \Driver\Ptilink \Device\ParTechInc0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\nvatabus \Device\NvAta0 nvatabus.sys (NVIDIA® nForce™ IDE Performance Driver/NVIDIA Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\NVENETFD \Device\{63F3BD42-54D3-476F-BC34-48ED7C4DDC45} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{E2B8DD59-DF65-42EF-A350-FD6A35BA3808} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\nvatabus \Device\NvAta1 nvatabus.sys (NVIDIA® nForce™ IDE Performance Driver/NVIDIA Corporation)
Device \Driver\dmload \Device\DmLoader dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.)
Device \Driver\dmload \Device\DmLoader ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{A438ECD7-91B4-4724-AEDE-6F75E8EE5D1B} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\avipbb \Device\avipbb avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)
Device \Driver\avipbb \Device\avipbb ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TMPassthruMP \Device\{69ED9AB8-1E01-4816-AB65-5DEB0F6699AD} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\avgntmgr \FileSystem\Filters\AVGNTMGR avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device -> \Driver\nvatabus \Device\Harddisk0\DR0 82464EC5

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 6/11/2010 12:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Debbie\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 105.84 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOODOOKI-7NK6BD
Current User Name: Debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/11 12:07:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\My Documents\Downloads\OTL.exe
PRC - [2008/11/06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2005/01/27 08:35:16 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/11 12:07:13 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debbie\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 00:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/20 14:18:28 | 000,297,472 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:29:11 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009/02/13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/04/06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/16 01:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/31 03:29:30 | 002,310,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/06/03 10:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/04/02 15:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/12/23 06:37:00 | 000,008,576 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvp2p.sys -- (nvp2p)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-i3752"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-i3752"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.swagbucks....com/?cmd=home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.03.01


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/22 23:34:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 20:40:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/03/17 20:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/08/15 22:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Extensions
[2010/06/10 23:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions
[2010/04/16 12:15:16 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/02/16 12:21:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/16 12:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\[email protected]
[2010/04/16 12:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\[email protected]
[2010/04/16 12:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\[email protected]
[2009/09/04 01:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\extensions\[email protected]
[2009/10/09 18:22:35 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\searchplugins\ask.uk.xml
[2010/06/11 02:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/30 03:55:43 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Debbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/15 23:05:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/15 23:04:43 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/11 10:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Malwarebytes
[2010/06/11 10:39:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/11 10:39:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/11 10:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/11 10:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/11 10:38:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/11 10:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/06 00:42:59 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010/06/06 00:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/06 00:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/06/06 00:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/04 23:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/04 23:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/04 23:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/06/04 23:00:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\InstallShield
[2010/06/04 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
[2010/06/04 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/04 22:53:33 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys
[2010/06/04 22:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010/06/04 22:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/04 22:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/04 20:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/04 20:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/04 20:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/04 20:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/01 02:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/05/27 23:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Deadtime Stories
[2010/05/27 22:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Luxor Adventures
[2010/05/27 22:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2010/05/27 22:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Deadtime Stories
[2010/05/22 00:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/05/19 13:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Desktop\Tax folder
[2010/05/08 16:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/06 23:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2010/05/06 23:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Help
[2010/05/05 22:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Local Settings\Application Data\Move Networks
[2010/05/05 22:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\Move Networks
[2010/04/24 03:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debbie\Application Data\SulusGames
[2010/04/24 03:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/04/16 21:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\LD Supreme
[2010/04/16 21:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/04/05 12:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

========== Files - Modified Within 90 Days ==========

[2010/06/11 11:50:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 11:50:27 | 000,093,765 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/11 11:50:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/11 11:50:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/11 11:48:18 | 002,359,296 | ---- | M] () -- C:\Documents and Settings\Debbie\ntuser.dat
[2010/06/11 11:48:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Debbie\ntuser.ini
[2010/06/11 11:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/11 02:07:32 | 000,000,483 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/06/09 20:40:30 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/06 00:49:32 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 00:30:43 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\housecall.guid.cache
[2010/06/05 15:17:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/04 23:31:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/04 23:31:03 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/04 23:11:26 | 007,720,826 | -H-- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\IconCache.db
[2010/06/04 23:06:34 | 000,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/04 23:06:34 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/04 23:06:34 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/04 20:31:54 | 000,000,519 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/04 20:31:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/04 20:31:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/28 01:05:21 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\5 8 10.rtf
[2010/05/18 23:08:24 | 000,019,880 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/18 22:29:58 | 002,331,085 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\toy story Collectible_Offer_OrderForm.pdf
[2010/05/05 18:37:18 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/18 13:48:25 | 000,022,168 | ---- | M] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/18 00:08:28 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/16 21:20:32 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creative Delights Companion.lnk
[2010/04/12 00:21:23 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Debbie\Desktop\LinkLove.rtf
[2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\cpuz133_x32.sys

========== Files Created - No Company Name ==========

[2010/06/06 00:30:43 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Debbie\Local Settings\Application Data\housecall.guid.cache
[2010/06/02 20:42:30 | 002,359,296 | ---- | C] () -- C:\Documents and Settings\Debbie\ntuser.dat
[2010/05/18 22:29:48 | 002,331,085 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\toy story Collectible_Offer_OrderForm.pdf
[2010/05/08 17:41:02 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\5 8 10.rtf
[2010/04/16 21:20:32 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creative Delights Companion.lnk
[2010/04/11 12:57:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Debbie\AdobeWeb.log
[2010/04/07 12:50:27 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Debbie\Desktop\LinkLove.rtf
[2009/12/06 18:28:23 | 000,000,498 | ---- | C] () -- C:\WINDOWS\eZip.INI
[2009/11/08 14:11:29 | 000,287,744 | ---- | C] () -- C:\WINDOWS\System32\regsystem.dll
[2009/11/08 14:11:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\Machnm64.sys
[2009/11/08 14:11:29 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2009/09/01 01:22:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009/08/17 11:10:12 | 000,000,483 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/08/15 23:26:13 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/08/15 23:19:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/08/18 09:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 14:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 10:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2001/08/23 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2009/10/02 12:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/08/17 11:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/05/27 22:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2010/06/01 02:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/11/24 02:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoWorks
[2010/04/24 03:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2010/06/01 02:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/06 18:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/24 02:04:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{33D84E0F-EFCA-4F8C-9C07-F1090572D8BF}
[2009/10/07 02:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/02 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Amazon
[2009/08/29 03:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Argonyt
[2009/08/29 03:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Babylonia
[2009/11/30 03:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\E-centives
[2009/10/09 04:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\ERS G-Studio
[2010/02/28 02:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Facebook
[2010/01/14 17:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Home Budget For Dummies
[2009/12/11 11:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\ONE
[2009/12/11 11:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\OpenOffice.org
[2009/11/24 02:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\PhotoWorks
[2010/04/24 03:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\SulusGames
[2009/08/15 23:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debbie\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/15 23:05:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/04 20:31:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2009/08/15 23:05:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/24 23:56:30 | 000,000,202 | ---- | M] () -- C:\InstallHelper.log
[2009/08/15 23:05:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/15 23:05:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/01 01:19:19 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/01 01:19:19 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/11 11:50:22 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/11/08 13:37:56 | 000,003,640 | ---- | M] () -- C:\scramble.log
[2009/08/17 11:17:06 | 000,000,168 | ---- | M] () -- C:\setupfax.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/07/29 10:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
[2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 00:56:44 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2004/08/04 00:56:44 | 000,201,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/08/15 17:55:41 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/15 17:55:41 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/15 17:55:40 | 000,401,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2004/08/04 00:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
< End of report >


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 6/11/2010 12:08:22 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Debbie\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 105.84 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VOODOOKI-7NK6BD
Current User Name: Debbie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 19
"{2F804739-6A81-47E1-AA98-CC0F32172F0D}" = Home Budget For Dummies
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F3B007A-2393-11D5-8F18-00D0B740B228}" = Compaq Monitor Driver (INF) Software 3.00
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142100}" = Java 2 Runtime Environment, SE v1.4.2_10
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E0F1D3B6-F50E-49AE-A942-FFDFFA16F9A9}" = PhotoStreamer Desktop
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.13 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.1
"BFG-Babylonia" = Babylonia
"BFGC" = Big Fish Games: Game Manager
"BFG-Deadtime Stories" = Deadtime Stories
"BFG-Luxor Adventures" = Luxor Adventures
"BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
"BFG-Pure Hidden" = Pure Hidden
"BFG-Sky Kingdoms" = Sky Kingdoms
"BFG-Strange Cases - The Tarot Card Mystery" = Strange Cases: The Tarot Card Mystery
"BFG-The Magician's Handbook II - BlackLore" = The Magician's Handbook II: BlackLore
"BFG-World Mosaics 2" = World Mosaics 2
"Big Kahuna Reef_is1" = Big Kahuna Reef
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Creative Delights Companion" = Creative Delights Companion
"Dora's World Adventure" = Dora's World Adventure
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"Lexmark X1100 Series" = Lexmark X1100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStreamer Desktop" = PhotoStreamer Desktop
"SystemRequirementsLab" = System Requirements Lab
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VLC media player 1.0.1
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows XP Service Pack" = Windows XP Service Pack 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2010 12:43:46 PM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/2/2010 6:37:09 PM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/8/2010 6:42:16 PM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/12/2010 8:28:37 PM | Computer Name = VOODOOKI-7NK6BD | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.8.20100.22820, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/12/2010 8:28:38 PM | Computer Name = VOODOOKI-7NK6BD | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.8.20100.22820, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2010 11:15:21 AM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/17/2010 12:46:55 AM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/17/2010 1:41:12 PM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/18/2010 7:27:34 PM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

Error - 5/19/2010 1:15:44 AM | Computer Name = VOODOOKI-7NK6BD | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code:

[ System Events ]
Error - 6/9/2010 9:40:38 PM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/10/2010 4:17:59 PM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/10/2010 4:17:59 PM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/11/2010 2:51:48 AM | Computer Name = VOODOOKI-7NK6BD | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 6/11/2010 2:51:49 AM | Computer Name = VOODOOKI-7NK6BD | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/11/2010 2:51:49 AM | Computer Name = VOODOOKI-7NK6BD | Source = Service Control Manager | ID = 7034
Description = The Trend Micro RUBotted Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/11/2010 2:58:12 AM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/11/2010 2:58:12 AM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 6/11/2010 12:50:39 PM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/11/2010 12:50:39 PM | Computer Name = VOODOOKI-7NK6BD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >


#2
voodookitten

    New Member

  • Topic Starter
  • Member
  • 4 posts
Now I am having Google redirect problems. When I do a search and click on a link it takes me to one of the pages that has been spontaneously opening in tabs.....

#3
Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Hello voodookitten!

:)

My name is Elster and I will be helping you fix your computer.

Please keep in mind that very rarely will a computer be "dis-infected" on the first sweep. The absence of symptoms does not mean that your computer is clean, so please stick with me until I give you the All Clear!

I recommend that you save and print each of my posts, as there will be times when you will not be able to be online to access them.

Before we begin, I see that you have swagbucks.com as your start page. Is this the site that claims you are a winner, or have you chosen this site as your home?


Step 1:

OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    [2010/05/05 18:37:18 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/06/04 23:31:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/04 23:31:03 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E
    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47
    @Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:996104FC
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:35A81752
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Then post a new OTL log

Step 2:

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Step 3:

Reply

Things I need to see in your reply:
  • OTL log
  • ComboFix log
Thanks!

Elster

#4
voodookitten

voodookitten

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I chose swagbucks as my home page. I have had it over a year with no problems.

Here are some examples of what is opening in tabs on its own:



In my history, the following web address is in between every one of the addresses I just listed above:



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
C:\WINDOWS\system32\cpnprt2.cid moved successfully.
C:\WINDOWS\system32\d3d9caps.dat moved successfully.
C:\WINDOWS\system32\d3d8caps.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2249B7E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3A89E47 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:996104FC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35A81752 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E91ADC66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC83EA04 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Debbie
->Temporary Internet Files folder emptied: 75181 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2811 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 24243501 bytes
->Flash cache emptied: 6283 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 22231045 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5868 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167223070 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 13407 bytes

Total Files Cleaned = 204.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06122010_195021

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UTDW0QY3\favicon[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UTDW0QY3\Rediscovering_China_20091022_part_1[1].flv moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LUTD7LBB\channels[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LUTD7LBB\fw-nonplayer-banner[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LUTD7LBB\login_status[2].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\75VXRQ6R\video[2] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\61K6XK79\fw-nonplayer-banner[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\61K6XK79\login_status[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\61K6XK79\xd_receiver[2].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\61K6XK79\xd_receiver[3].php moved successfully.
C:\WINDOWS\temp\fla45.tmp moved successfully.
C:\WINDOWS\temp\fla46.tmp moved successfully.
C:\WINDOWS\temp\fla47.tmp moved successfully.
C:\WINDOWS\temp\fla48.tmp moved successfully.
C:\WINDOWS\temp\fla4B.tmp moved successfully.
C:\WINDOWS\temp\fla4D.tmp moved successfully.
C:\WINDOWS\temp\fla4E.tmp moved successfully.
C:\WINDOWS\temp\fla57.tmp moved successfully.
C:\WINDOWS\temp\fla5F.tmp moved successfully.

Registry entries deleted on Reboot...

Edited by Elster, 12 June 2010 - 08:08 PM.
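A helper reading a fix log like the one above needs to confirm that every line of the pasted :OTL script produced an outcome. The following is an added example, not part of the original posts or of OTL itself: it reconciles script entries against result lines, handling only the line shapes visible in this thread, and the `C:\example\constructed.tmp` entry is constructed to show an unreported item.

```python
import re

# Excerpt of the fix script from the post above, plus one constructed line
# (C:\example\constructed.tmp) that has no counterpart in the result log.
FIX_SCRIPT = r"""
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
[2010/05/05 18:37:18 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/06/04 23:31:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C
[2010/01/01 00:00:00 | 000,000,010 | ---- | M] () -- C:\example\constructed.tmp
:Commands
[emptytemp]
"""

# Matching excerpt of the result log posted in reply.
RESULT_LOG = r"""
========== OTL ==========
No active process named explorer.exe was found!
C:\WINDOWS\system32\cpnprt2.cid moved successfully.
C:\WINDOWS\system32\d3d9caps.dat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:17C48B08 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE39C93C deleted successfully.
========== SERVICES/DRIVERS ==========
"""


def parse_script(text):
    """Return (kind, target) pairs from the :OTL section of a fix script."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        if section != ":otl" or not line:
            continue
        if line.startswith("PRC - "):
            # "PRC - <path> (<company>)": drop the trailing company field
            path = re.sub(r"\s*\([^()]*\)$", "", line[len("PRC - "):])
            entries.append(("process", path))
        elif line.startswith("@Alternate Data Stream") and " -> " in line:
            entries.append(("ads", line.split(" -> ", 1)[1]))
        elif line.startswith("[") and " -- " in line:
            entries.append(("file", line.split(" -- ", 1)[1]))
    return entries


def parse_results(text):
    """Map each target named in the result log to the outcome it reports."""
    outcomes = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"No active process named (.+) was found!$", line)
        if m:
            outcomes[("process", m.group(1).lower())] = "not running"
            continue
        m = re.match(r"(ADS )?(.+?) (moved|deleted) successfully\.$", line)
        if m:
            kind = "ads" if m.group(1) else "file"
            outcomes[(kind, m.group(2).lower())] = m.group(3)
    return outcomes


def reconcile(script, log):
    """Return [(kind, target, outcome)]; outcome is None when the log is silent."""
    outcomes = parse_results(log)
    report = []
    for kind, target in parse_script(script):
        # The log names a process by image name only and uses its own path casing.
        key = target.rsplit("\\", 1)[-1] if kind == "process" else target
        report.append((kind, target, outcomes.get((kind, key.lower()))))
    return report


if __name__ == "__main__":
    for kind, target, outcome in reconcile(FIX_SCRIPT, RESULT_LOG):
        print(f"{outcome or 'NO RESULT LINE':>15}  {kind:<7}  {target}")
```

Entries that come back with no outcome are the ones to query before moving to the next step; paths are compared case-insensitively because the script says `System32` where the log says `system32`.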


#5
voodookitten

voodookitten

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
ComboFix 10-06-12.02 - Debbie 06/12/2010 20:20:38.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.351 [GMT -5:00]
Running from: c:\documents and settings\Debbie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\Web\default.htt

Infected copy of c:\windows\system32\drivers\nv_agp.SYS was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.

2010-06-11 15:37 . 2010-06-11 15:37 -------- d-----w- c:\program files\ERUNT
2010-06-11 06:32 . 2010-06-11 06:32 388096 ----a-r- c:\documents and settings\Debbie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-10 08:21 . 2010-06-10 08:21 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-06 06:39 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-06-06 06:39 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-06-06 06:39 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-06-06 06:39 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-06-06 06:39 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-06-06 06:39 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-06-06 06:39 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-06-06 05:42 . 2010-06-11 06:32 -------- d-----w- c:\program files\Trend Micro
2010-06-06 05:42 . 2008-03-02 08:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-06-06 05:16 . 2010-06-06 05:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-06 05:14 . 2010-06-06 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-05 04:30 . 2010-06-05 04:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-05 04:01 . 2006-07-02 03:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2010-06-05 04:01 . 2010-06-05 04:01 -------- d-----w- c:\program files\AMD
2010-06-05 04:00 . 2010-06-05 04:00 -------- d-----w- c:\documents and settings\Debbie\Application Data\InstallShield
2010-06-05 03:59 . 2010-06-05 03:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-05 03:59 . 2010-06-05 03:59 -------- d-----w- c:\program files\Common Files\NVIDIA Shared
2010-06-05 03:53 . 2010-06-05 03:53 -------- d-----w- c:\program files\CPUID
2010-06-05 03:53 . 2010-03-31 04:38 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2010-06-05 01:29 . 2010-06-05 01:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-01 07:29 . 2010-06-01 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-05-28 04:57 . 2010-05-28 06:36 -------- d-----w- c:\documents and settings\Debbie\Local Settings\Application Data\Deadtime Stories
2010-05-28 03:53 . 2010-05-28 03:54 -------- d-----w- c:\program files\Luxor Adventures
2010-05-28 03:34 . 2010-05-28 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-05-28 03:33 . 2010-05-28 03:34 -------- d-----w- c:\program files\Deadtime Stories
2010-05-28 03:20 . 2010-05-28 03:21 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-05-23 18:53 . 2010-05-23 18:53 12800 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c839b03-n\decora-d3d.dll
2010-05-23 18:53 . 2010-05-23 18:53 61440 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3c839b03-n\decora-sse.dll
2010-05-23 18:53 . 2010-05-23 18:53 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ee10c9e-n\msvcp71.dll
2010-05-23 18:53 . 2010-05-23 18:53 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ee10c9e-n\jmc.dll
2010-05-23 18:53 . 2010-05-23 18:53 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2ee10c9e-n\msvcr71.dll
2010-05-22 05:15 . 2010-05-22 05:16 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 01:06 . 2009-08-16 03:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-11 15:39 . 2010-06-11 15:39 -------- d-----w- c:\documents and settings\Debbie\Application Data\Malwarebytes
2010-06-11 15:39 . 2010-06-11 15:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 15:39 . 2010-06-11 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-06 05:42 . 2009-08-16 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-01 18:01 . 2009-11-15 01:19 -------- d-----w- c:\program files\Safari
2010-06-01 07:44 . 2009-08-16 08:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-28 06:06 . 2009-08-16 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-05-28 03:22 . 2009-08-16 07:54 -------- d-----w- c:\program files\bfgclient
2010-05-21 17:24 . 2009-12-06 23:36 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-05-19 04:08 . 2009-11-15 01:21 19880 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-13 04:02 . 2010-05-11 23:19 59644 ----a-w- c:\documents and settings\Debbie\Application Data\Thunderbird\Profiles\xmdwmgkl.default\Mail\Local Folders\Reviews in the works.sbd\Measamommy.com
2010-05-08 22:42 . 2009-10-07 07:48 -------- d-----w- c:\documents and settings\Debbie\Application Data\Apple Computer
2010-05-08 21:57 . 2010-05-08 21:56 -------- d-----w- c:\program files\Bonjour
2010-05-08 18:17 . 2009-12-25 00:01 -------- d-----w- c:\program files\Google
2010-05-06 03:19 . 2010-05-06 03:19 144195 ----a-w- c:\documents and settings\Debbie\Application Data\Move Networks\uninstall.exe
2010-05-06 03:19 . 2010-05-06 03:18 -------- d-----w- c:\documents and settings\Debbie\Application Data\Move Networks
2010-05-06 03:18 . 2010-03-25 20:06 5605824 ----a-w- c:\documents and settings\Debbie\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
2010-04-29 20:39 . 2010-06-11 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-06-11 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 08:47 . 2010-04-24 08:47 -------- d-----w- c:\documents and settings\Debbie\Application Data\SulusGames
2010-04-24 08:47 . 2010-04-24 08:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SulusGames
2010-04-18 18:48 . 2009-08-30 04:51 22168 ----a-w- c:\documents and settings\Debbie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 02:23 . 2010-04-17 02:20 -------- d-----w- c:\program files\LD Supreme
2010-04-17 02:14 . 2010-04-17 02:14 -------- d-----w- c:\program files\7-Zip
2010-04-10 04:08 . 2009-12-11 16:33 1 ----a-w- c:\documents and settings\Debbie\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:06 . 2010-04-05 17:06 503808 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e40615-n\msvcp71.dll
2010-04-05 17:06 . 2010-04-05 17:06 499712 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e40615-n\jmc.dll
2010-04-05 17:06 . 2010-04-05 17:06 348160 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e40615-n\msvcr71.dll
2010-04-05 17:06 . 2010-04-05 17:06 61440 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3eb32db1-n\decora-sse.dll
2010-04-05 17:06 . 2010-04-05 17:06 12800 ----a-w- c:\documents and settings\Debbie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3eb32db1-n\decora-d3d.dll
2010-03-25 20:06 . 2010-03-25 20:06 97216 ----a-w- c:\documents and settings\Debbie\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-11-08 19:11 . 2009-11-08 19:11 11079 ---h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-27 77824]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-04 131072]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Debbie^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Debbie\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-05-20 19:17 223744 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 01:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 16:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [8/15/2009 11:14 PM 22360]
R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;c:\windows\system32\drivers\nvp2p.sys [8/15/2009 11:24 PM 8576]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [8/15/2009 11:14 PM 45416]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/15/2009 11:18 PM 13696]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/4/2010 10:53 PM 20968]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [6/6/2010 12:42 AM 582992]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [6/6/2010 12:42 AM 206608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2009 11:14 PM 108289]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [6/6/2010 12:42 AM 206608]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [10/2/2009 12:52 PM 297472]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 7:01 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 00:01]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://swagbucks.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\of5zt2t8.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/?cmd=home
FF - plugin: c:\documents and settings\Debbie\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Debbie\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Debbie\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-12 20:26:29
ComboFix-quarantined-files.txt 2010-06-13 01:26

Pre-Run: 113,794,682,880 bytes free
Post-Run: 113,852,596,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 31642E025ED13838030C956D70CF1AC3

#6
Elliot

Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Hello voodookitten!

Looks like we got rid of quite a few there. Are you still getting redirected?

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware from the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


Thanks!

Elster

#7
Elliot

Elliot

    Retired Staff

  • Expert
  • 3,769 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





