Google Redirect lingering after Defense Center removal [Solved] - Geeks to Go Forums


Google Redirect lingering after Defense Center removal [Solved]

#1 NeoLux

  • Group: Member
  • Posts: 5
  • Joined: 13-June 10

Posted 13 June 2010 - 05:50 PM

My dear friends --

First, thank you all enormously for so kindly and generously volunteering your time and expertise to provide your amazing service to the community. You are truly wonderful and caring people, unsung heroes of the Internet. I--and countless others--am so deeply grateful to you for your vital assistance!

Yesterday my Windows XP laptop was attacked by the truly vicious Defense Center malware. A combination of Malwarebytes and Microsoft Security Essentials has seemed to beat the infestation into submission.

But I still have the lingering problem--seemingly similar to that reported in other postings--of finding my Google search results redirected through a Web site called traffic-essentials.com to random ad-based search sites.

I have no idea how to remove this problem, and so I appeal to you all for a moment of your time and your wisdom. I followed your Malware and Spyware Cleaning Guide, and I have posted the results of its various diagnostics below for your inspection. I also ran GooredFix and TDSSKiller, to no avail.

Possibly of interest, the computer also became insanely slow as it was running GMER, and my Microsoft Security Essentials seemed to have disabled itself when I restarted.

Thank you so enormously, and I am very much looking forward to getting this issue resolved!

With all my deepest appreciation for you, and all my very best wishes,

NeoLux


MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4192

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2010 2:46:20 AM
mbam-log-2010-06-13 (02-46-20).txt

Scan type: Quick scan
Objects scanned: 137877
Time elapsed: 12 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 15:39:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF2D0620]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB988A900]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}@LeaseObtainedTime 1276425482
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}@T1 1276468682
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}@T2 1276501082
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}@LeaseTerminatesTime 1276511882
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}@DhcpRetryTime 43197
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}\Parameters\Tcpip@LeaseObtainedTime 1276425482
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}\Parameters\Tcpip@T1 1276468682
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}\Parameters\Tcpip@T2 1276501082
Reg HKLM\SYSTEM\CurrentControlSet\Services\{D5ADD9FF-F202-4ED5-A28C-94C13E1933C6}\Parameters\Tcpip@LeaseTerminatesTime 1276511882
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\JeremyNew\Local Settings\Temporary Internet Files\Content.IE5\DOBLRDV1\ping_tssm[1].htm 5 bytes

---- EOF - GMER 1.0.15 ----


OTL:

OTL logfile created on: 6/13/2010 4:15:20 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JeremyNew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 40.89 Gb Free Space | 36.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: JeremyNew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
PRC - [2010/06/07 10:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/19 18:14:28 | 000,135,168 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CePMTray.exe
PRC - [2004/07/13 21:51:04 | 000,892,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2004/07/07 15:16:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/23 05:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/06/14 05:00:08 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2004/05/14 10:29:50 | 000,712,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\EzButton\EzButton.EXE
PRC - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
PRC - [2004/03/14 20:17:54 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2004/02/03 14:47:06 | 001,089,589 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2003/10/20 09:39:26 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\Ivp\ISM\pinger.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 11:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Asynaeos)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/10/05 01:48:37 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/07/07 15:16:24 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/23 05:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2010/06/11 20:39:03 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afyd.sys -- (glcao)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/03 23:05:00 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/07 20:57:48 | 001,351,104 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2008/01/21 13:58:46 | 000,558,624 | ---- | M] (TamoSoft) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/07 16:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 16:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/02 15:51:08 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/19 14:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/10 13:55:11 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 15:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 15:05:06 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2004/07/30 15:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 15:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/12 13:48:08 | 000,036,480 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/07/12 13:48:02 | 000,330,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 10:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 16:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/21 23:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 10:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/12 17:05:58 | 000,017,497 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/10/15 17:48:00 | 000,082,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2003/10/15 17:48:00 | 000,006,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2003/10/15 17:47:00 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/13 15:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 08:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/04/23 15:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1038

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1038
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/22 15:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 01:22:32 | 000,000,000 | ---D | M]

[2010/04/19 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Extensions
[2010/06/12 19:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\extensions
[2010/04/21 21:43:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 19:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 01:22:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/10 06:15:38 | 000,000,765 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 84.16.244.58 www.google.com
O1 - Hosts: 84.16.244.58 us.search.yahoo.com
O1 - Hosts: 84.16.244.58 uk.search.yahoo.com
O1 - Hosts: 84.16.244.58 search.yahoo.com
O1 - Hosts: 84.16.244.58 www.google.com.br
O1 - Hosts: 84.16.244.58 www.google.it
O1 - Hosts: 84.16.244.58 www.google.es
O1 - Hosts: 84.16.244.58 www.google.co.jp
O1 - Hosts: 84.16.244.58 www.google.com.mx
O1 - Hosts: 84.16.244.58 www.google.ca
O1 - Hosts: 84.16.244.58 www.google.com.au
O1 - Hosts: 84.16.244.58 www.google.nl
O1 - Hosts: 84.16.244.58 www.google.co.za
O1 - Hosts: 84.16.244.58 www.google.be
O1 - Hosts: 84.16.244.58 www.google.gr
O1 - Hosts: 84.16.244.58 www.google.at
O1 - Hosts: 84.16.244.58 www.google.se
O1 - Hosts: 84.16.244.58 www.google.ch
O1 - Hosts: 84.16.244.58 www.google.pt
O1 - Hosts: 84.16.244.58 www.google.dk
O1 - Hosts: 84.16.244.58 www.google.fi
O1 - Hosts: 84.16.244.58 www.google.ie
O1 - Hosts: 84.16.244.58 www.google.no
O1 - Hosts: 84.16.244.58 www.google.de
O1 - Hosts: 84.16.244.58 www.google.fr
O1 - Hosts: 2 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 17:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell\AutoRun\command - "" = D:\INSTALL.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/09 17:07:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/13 02:28:40 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
[2010/06/12 15:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix Backups
[2010/06/12 15:35:14 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix.exe
[2010/06/12 03:21:30 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\JeremyNew\Desktop\123awesome.exe
[2010/06/12 03:19:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/06/12 03:16:20 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTM.exe
[2010/06/12 03:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\SUPERAntiSpyware.com
[2010/06/12 03:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/12 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/12 02:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/12 01:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/12 01:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/12 01:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/12 01:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/12 00:23:56 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\TFC.exe
[2010/06/10 03:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/10 03:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 03:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\dpevcaity
[2010/06/10 03:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/05/27 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/18 19:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\My Skype Content
[2010/05/07 14:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\Skype
[2010/05/07 14:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\My Skype Pictures
[2010/05/07 14:01:45 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2010/04/22 14:11:09 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/22 14:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/22 14:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/22 14:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/22 14:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Apple
[2010/04/22 14:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/22 14:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/22 00:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\fleXcroll_SampleStyles
[2010/04/21 17:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/04/21 05:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Pendulo Studios
[2010/04/20 00:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\Downloads
[2010/04/19 23:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\InstantCDDVD
[2010/04/19 23:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Pinnacle
[2010/04/19 22:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Mozilla
[2010/04/19 22:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla
[2010/04/19 22:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/19 18:49:30 | 000,000,000 | ---D | C] -- C:\ATI
[2010/04/19 17:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\DivX
[2010/04/19 15:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\proDAD
[2010/04/19 15:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\proDAD
[2010/04/19 15:37:45 | 000,049,152 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\CvoAPI.dll
[2010/04/19 15:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Boris FX, Inc
[2010/04/19 15:31:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/19 15:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2010/04/19 15:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Downloaded Installations
[2010/04/19 15:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/04/19 15:28:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2010/04/19 15:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Projects
[2010/04/19 15:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/04/15 02:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\journey2_data
[2010/04/12 03:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage
[2010/04/12 03:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\TurboTax 2009 Home & Business + eFile
[2010/04/04 22:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\iMST
[2010/04/04 18:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\IsolatedStorage
[2010/04/04 16:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/04/04 16:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\uTorrent
[2010/04/04 00:54:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\JIPHOTOS
[2010/03/31 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\PHP
[2010/03/31 17:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Abitec
[2010/03/31 17:40:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/03/18 21:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/03/18 21:31:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/03/18 21:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/03/18 21:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/03/18 20:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2004/08/19 14:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll

========== Files - Modified Within 90 Days ==========

[2010/06/13 16:13:49 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/13 15:49:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 15:49:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
[2010/06/12 17:32:00 | 000,243,474 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_04a_10.02.15_HOW_TO_REHEARSE.pdf
[2010/06/12 17:29:27 | 009,323,248 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_02_15_SECOND_PRINCIPLE.pdf
[2010/06/12 16:13:18 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\JeremyNew\NTUSER.DAT
[2010/06/12 16:13:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\JeremyNew\ntuser.ini
[2010/06/12 15:35:18 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix.exe
[2010/06/12 14:49:41 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 04:21:48 | 000,000,649 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 04:20:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/12 04:06:33 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 04:06:33 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 04:06:33 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 03:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/12 03:16:20 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTM.exe
[2010/06/12 03:15:10 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\fix.reg
[2010/06/12 03:03:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/12 02:49:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/12 02:49:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/12 02:06:53 | 000,000,073 | ---- | M] () -- C:\WINDOWS\data6.set
[2010/06/12 02:04:00 | 002,643,702 | -H-- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\IconCache.db
[2010/06/12 01:54:20 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/12 01:53:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/12 01:44:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\NTREGOPT.lnk
[2010/06/12 01:44:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\ERUNT.lnk
[2010/06/12 01:15:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtaviri.dat
[2010/06/12 01:04:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hlazu.bin
[2010/06/12 00:23:56 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\TFC.exe
[2010/06/12 00:15:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\prvlcl.dat
[2010/06/12 00:12:49 | 000,062,382 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_06_IN_THE_LOOP.pdf
[2010/06/12 00:12:23 | 000,070,774 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10c_10_SC4P_SHIT_MY_DAD_SAYS_Henry_Revised_(A.Rose).pdf
[2010/06/12 00:12:11 | 000,114,110 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10b_10_SC1P_SHIT_MY_DAD_SAYS_full_script.pdf
[2010/06/12 00:12:05 | 000,021,954 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10a_10_SC1P_SHIT_MY_DAD_SAYS_bd.pdf
[2010/06/11 20:39:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\afyd.sys
[2010/06/11 16:58:37 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.com
[2010/06/11 16:55:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.exe
[2010/06/07 15:41:32 | 000,050,882 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Anniversary Party Scene.pdf
[2010/06/03 04:12:35 | 000,109,182 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Full_Script.pdf
[2010/06/03 04:12:29 | 000,048,318 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Gracie_(K.Cassidy).pdf
[2010/06/03 04:12:16 | 000,034,830 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08b_YOU_SEND_ME.pdf
[2010/06/03 04:12:12 | 000,033,883 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08a_SUDDENLY_SUSAN.pdf
[2010/06/03 04:10:45 | 000,260,220 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\How_to_make_a_post_on_the_submissions_blog_5.pdf
[2010/05/31 10:41:00 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\JeremyNew\Desktop\123awesome.exe
[2010/05/29 22:09:13 | 000,020,582 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\stan_lee.jpg
[2010/05/29 22:08:06 | 000,021,799 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\sc0000b304.jpg
[2010/05/29 22:02:22 | 000,135,735 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\2481043297_1f12ed170a.jpg
[2010/05/29 22:01:17 | 000,008,396 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\stan-lees-autograph-paying-200X200.jpg
[2010/05/27 23:43:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/27 15:30:49 | 000,029,809 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\policySummary.xhtml
[2010/05/26 00:44:28 | 000,029,910 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\csi_greg_nobler.pdf
[2010/05/26 00:28:36 | 000,065,417 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Conner.pdf
[2010/05/26 00:26:28 | 000,032,933 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Jesse_Male_Teen.pdf
[2010/05/20 18:32:46 | 000,506,843 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\High School Confidential.pdf
[2010/05/19 17:54:40 | 000,090,708 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Attachment_Agreement.pdf
[2010/05/18 21:03:18 | 000,022,021 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\744px-Flag_of_Zaire_svg.png
[2010/05/18 19:52:39 | 041,408,878 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Go Your Own Way.mp4
[2010/05/18 19:45:45 | 025,692,766 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Lost in Translation.mp4
[2010/05/14 18:10:00 | 010,898,208 | ---- | M] () -- C:\9.CAP
[2010/05/14 18:09:12 | 021,641,631 | ---- | M] () -- C:\8.CAP
[2010/05/14 18:09:02 | 100,833,828 | ---- | M] () -- C:\7.CAP
[2010/05/14 18:08:41 | 100,833,828 | ---- | M] () -- C:\6.CAP
[2010/05/14 18:08:25 | 100,833,828 | ---- | M] () -- C:\5.CAP
[2010/05/14 18:07:59 | 021,648,792 | ---- | M] () -- C:\4.CAP
[2010/05/14 18:07:35 | 173,865,783 | ---- | M] () -- C:\3.CAP
[2010/05/14 18:06:51 | 099,026,483 | ---- | M] () -- C:\2.CAP
[2010/05/14 18:06:22 | 010,023,933 | ---- | M] () -- C:\1.CAP
[2010/05/14 01:42:32 | 092,798,895 | ---- | M] () -- C:\18.CAP
[2010/05/14 01:36:54 | 100,833,828 | ---- | M] () -- C:\17.CAP
[2010/05/14 01:35:37 | 021,648,792 | ---- | M] () -- C:\16.CAP
[2010/05/14 01:34:37 | 074,839,324 | ---- | M] () -- C:\15.CAP
[2010/05/14 01:32:58 | 099,026,483 | ---- | M] () -- C:\14.CAP
[2010/05/14 01:31:49 | 010,023,933 | ---- | M] () -- C:\13.CAP
[2010/05/14 00:10:14 | 000,024,030 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\plasticface.jpg
[2010/05/13 00:43:01 | 000,035,442 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\30869_1271009344766_1515840782_31453790_3292506_n.jpg
[2010/05/12 19:59:01 | 090,398,965 | ---- | M] () -- C:\38.CAP
[2010/05/12 19:57:43 | 238,532,363 | ---- | M] () -- C:\37.CAP
[2010/05/12 19:56:39 | 139,348,838 | ---- | M] () -- C:\19.CAP
[2010/05/12 19:55:21 | 040,684,980 | ---- | M] () -- C:\21.CAP
[2010/05/12 19:21:21 | 261,799,901 | ---- | M] () -- C:\22.CAP
[2010/05/12 19:19:42 | 162,119,826 | ---- | M] () -- C:\23.CAP
[2010/05/12 19:17:38 | 063,087,002 | ---- | M] () -- C:\24.CAP
[2010/05/12 19:15:50 | 045,265,554 | ---- | M] () -- C:\25.CAP
[2010/05/12 19:14:10 | 242,848,345 | ---- | M] () -- C:\26.CAP
[2010/05/12 19:12:37 | 143,768,448 | ---- | M] () -- C:\27.CAP
[2010/05/12 19:11:38 | 099,239,089 | ---- | M] () -- C:\20.CAP
[2010/05/12 02:10:41 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Mark Wheeler.vcf
[2010/05/09 18:20:12 | 000,026,198 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Daddy Issues.pdf
[2010/05/09 18:18:23 | 000,022,417 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Interrogation.pdf
[2010/05/09 17:00:55 | 000,037,240 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\naked-girl+-101-4.jpg
[2010/05/07 19:44:38 | 000,057,792 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/07 14:01:50 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/05 23:42:43 | 034,415,956 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Full GDL for YouTube Part II.mp4
[2010/05/05 21:44:02 | 167,704,179 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Full GDL for YouTube Part I.mp4
[2010/05/05 20:26:52 | 000,003,823 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Raw GDL footage with intro and splices.mpg.scn
[2010/05/05 20:19:55 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/05/05 19:53:23 | 000,006,844 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\JI on Showbiz Tonight.cos2
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 21:53:49 | 000,418,353 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\DeltStandard.doc
[2010/04/23 00:26:50 | 000,003,711 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Edited GDL.mpg.scn
[2010/04/23 00:14:56 | 815,405,056 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Raw GDL footage with intro and splices.mpg
[2010/04/22 22:31:08 | 000,222,763 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy for YouTube.jpg
[2010/04/22 22:29:25 | 001,060,141 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy flip to B&W for YouTube.jpg
[2010/04/22 14:10:03 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/21 18:39:32 | 000,162,227 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Directory Listing for Mr_ Wolff Klabin.mht
[2010/04/21 17:33:31 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 05:53:10 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RUNAWAY - A TWIST OF FATE.lnk
[2010/04/20 00:20:43 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\HCONF_AUDITION.scn
[2010/04/19 22:33:42 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/19 20:33:31 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/04/19 19:45:00 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/19 19:45:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/19 16:39:08 | 000,076,080 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 15:33:22 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Instant DVD Recorder.lnk
[2010/04/15 08:04:54 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Just a New York girl.doc
[2010/04/15 03:51:46 | 000,057,761 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\journey2.aup
[2010/04/15 03:41:35 | 000,043,323 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\journey2.aup.bak
[2010/04/13 13:04:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 04:22:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/12 00:48:47 | 000,034,406 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Jeremy sings!.jpg
[2010/04/10 14:27:13 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\jeremy.doc
[2010/04/10 14:26:50 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Now I understand what.doc
[2010/04/04 21:44:20 | 000,785,931 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\I-FAKER_Desktop_Pro.rar
[2010/04/04 16:25:18 | 507,142,144 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\TurboTax 2009
[2010/04/04 16:04:20 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/03 21:26:34 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\In active and meaningful discussions.doc
[2010/04/02 01:05:32 | 000,023,927 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Monique in conference room.pdf
[2010/03/20 22:38:20 | 000,838,383 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy flip.jpg
[2010/03/19 16:09:53 | 000,818,453 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy.jpg
[2010/03/19 16:01:24 | 000,700,235 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Brighter Jeremy.jpg
[2010/03/19 03:10:48 | 000,014,125 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Jeremy sings.jpg
[2010/03/18 20:31:04 | 014,187,589 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\HCONF_AUDITION.mp4

========== Files Created - No Company Name ==========

[2010/06/13 02:53:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\gmer.exe
[2010/06/12 17:31:59 | 000,243,474 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_04a_10.02.15_HOW_TO_REHEARSE.pdf
[2010/06/12 17:28:51 | 009,323,248 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_02_15_SECOND_PRINCIPLE.pdf
[2010/06/12 03:15:09 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\fix.reg
[2010/06/12 03:03:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/12 01:59:51 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/12 01:54:19 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/12 01:44:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\NTREGOPT.lnk
[2010/06/12 01:44:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\ERUNT.lnk
[2010/06/12 01:39:01 | 000,000,073 | ---- | C] () -- C:\WINDOWS\data6.set
[2010/06/12 00:26:23 | 000,021,954 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10a_10_SC1P_SHIT_MY_DAD_SAYS_bd.pdf
[2010/06/12 00:12:49 | 000,062,382 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_06_IN_THE_LOOP.pdf
[2010/06/12 00:12:23 | 000,070,774 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10c_10_SC4P_SHIT_MY_DAD_SAYS_Henry_Revised_(A.Rose).pdf
[2010/06/12 00:12:11 | 000,114,110 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10b_10_SC1P_SHIT_MY_DAD_SAYS_full_script.pdf
[2010/06/11 20:39:03 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\afyd.sys
[2010/06/11 16:58:27 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.com
[2010/06/11 16:54:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.exe
[2010/06/10 03:04:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gtaviri.dat
[2010/06/10 03:04:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hlazu.bin
[2010/06/07 15:36:55 | 000,050,882 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Anniversary Party Scene.pdf
[2010/06/03 04:12:34 | 000,109,182 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Full_Script.pdf
[2010/06/03 04:12:29 | 000,048,318 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Gracie_(K.Cassidy).pdf
[2010/06/03 04:12:16 | 000,034,830 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08b_YOU_SEND_ME.pdf
[2010/06/03 04:12:12 | 000,033,883 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08a_SUDDENLY_SUSAN.pdf
[2010/06/03 04:11:06 | 000,260,220 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\How_to_make_a_post_on_the_submissions_blog_5.pdf
[2010/05/29 22:10:13 | 000,008,396 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\stan-lees-autograph-paying-200X200.jpg
[2010/05/29 22:09:58 | 000,021,799 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\sc0000b304.jpg
[2010/05/29 22:09:40 | 000,135,735 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\2481043297_1f12ed170a.jpg
[2010/05/29 22:09:27 | 000,020,582 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\stan_lee.jpg
[2010/05/27 23:31:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/27 15:30:49 | 000,029,809 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\policySummary.xhtml
[2010/05/26 00:44:28 | 000,029,910 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\csi_greg_nobler.pdf
[2010/05/26 00:31:47 | 000,065,417 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Conner.pdf
[2010/05/26 00:31:36 | 000,032,933 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Jesse_Male_Teen.pdf
[2010/05/20 18:32:46 | 000,506,843 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\High School Confidential.pdf
[2010/05/18 21:03:27 | 000,022,021 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\744px-Flag_of_Zaire_svg.png
[2010/05/18 19:52:39 | 041,408,878 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Go Your Own Way.mp4
[2010/05/18 19:45:45 | 025,692,766 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Lost in Translation.mp4
[2010/05/14 18:10:00 | 010,898,208 | ---- | C] () -- C:\9.CAP
[2010/05/14 18:09:11 | 021,641,631 | ---- | C] () -- C:\8.CAP
[2010/05/14 18:08:52 | 100,833,828 | ---- | C] () -- C:\7.CAP
[2010/05/14 00:10:17 | 000,024,030 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\plasticface.jpg
[2010/05/13 00:39:08 | 000,035,442 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\30869_1271009344766_1515840782_31453790_3292506_n.jpg
[2010/05/12 02:10:41 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Mark Wheeler.vcf
[2010/05/09 18:21:23 | 000,022,417 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Interrogation.pdf
[2010/05/09 18:21:16 | 000,026,198 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Daddy Issues.pdf
[2010/05/09 17:03:22 | 000,037,240 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\naked-girl+-101-4.jpg
[2010/05/07 19:44:38 | 000,057,792 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/07 14:01:50 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/05 23:32:39 | 034,415,956 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Full GDL for YouTube Part II.mp4
[2010/05/05 20:46:30 | 167,704,179 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Full GDL for YouTube Part I.mp4
[2010/05/05 20:26:52 | 000,003,823 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Raw GDL footage with intro and splices.mpg.scn
[2010/05/05 19:53:22 | 000,006,844 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\JI on Showbiz Tonight.cos2
[2010/04/27 21:53:49 | 000,418,353 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\DeltStandard.doc
[2010/04/23 00:26:50 | 000,003,711 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Edited GDL.mpg.scn
[2010/04/23 00:11:57 | 815,405,056 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Raw GDL footage with intro and splices.mpg
[2010/04/22 22:36:10 | 003,833,913 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\JI on Showbiz Tonight.wmv
[2010/04/22 22:31:08 | 000,222,763 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy for YouTube.jpg
[2010/04/22 22:29:23 | 001,060,141 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy flip to B&W for YouTube.jpg
[2010/04/22 14:11:31 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/22 14:10:02 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/21 18:39:30 | 000,162,227 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Directory Listing for Mr_ Wolff Klabin.mht
[2010/04/21 05:53:10 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RUNAWAY - A TWIST OF FATE.lnk
[2010/04/20 00:20:42 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\HCONF_AUDITION.scn
[2010/04/19 22:33:42 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/19 19:45:00 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/19 19:45:00 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/19 15:37:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BFXSrcFilter.ax
[2010/04/19 15:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2010/04/19 15:33:22 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Instant DVD Recorder.lnk
[2010/04/19 15:27:08 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle Studio 12.lnk
[2010/04/19 15:19:15 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/04/15 02:21:13 | 000,057,761 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\journey2.aup
[2010/04/15 02:21:13 | 000,043,323 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\journey2.aup.bak
[2010/04/12 15:12:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 03:37:04 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2010/04/10 14:27:13 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\jeremy.doc
[2010/04/10 14:26:50 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Now I understand what.doc
[2010/04/08 18:54:47 | 000,034,406 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Jeremy sings!.jpg
[2010/04/08 04:26:23 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Just a New York girl.doc
[2010/04/04 21:44:09 | 000,785,931 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\I-FAKER_Desktop_Pro.rar
[2010/04/04 16:05:35 | 507,142,144 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\TurboTax 2009
[2010/04/04 16:04:20 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/04/02 01:05:32 | 000,023,927 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Monique in conference room.pdf
[2010/04/01 17:36:05 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\In active and meaningful discussions.doc
[2010/03/26 02:27:24 | 000,090,708 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Attachment_Agreement.pdf
[2010/03/20 22:38:19 | 000,838,383 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy flip.jpg
[2010/03/19 16:05:20 | 000,818,453 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Color Jeremy.jpg
[2010/03/19 16:01:24 | 000,700,235 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Brighter Jeremy.jpg
[2010/03/19 03:10:47 | 000,014,125 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Jeremy sings.jpg
[2010/03/18 20:31:04 | 014,187,589 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\HCONF_AUDITION.mp4
[2010/03/02 17:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 17:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 17:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 17:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 17:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 17:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 17:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 17:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 17:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 17:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 17:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 17:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 17:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 17:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 17:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 17:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 17:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/01 13:50:32 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2010/02/01 13:50:10 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/11/14 11:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 11:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 11:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 11:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 11:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 11:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 11:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 11:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 11:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 11:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/07/06 02:13:24 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/07/06 02:13:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/05 08:22:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/02 19:33:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/11/02 19:29:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SCapPro.INI
[2008/11/02 19:29:05 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/11/02 19:28:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/11/02 19:28:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/10/05 01:51:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI
[2008/09/19 23:59:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/09/19 23:59:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008/09/19 23:59:00 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/09/19 23:58:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/09/19 23:58:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 02:45:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/17 11:34:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/17 11:34:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2004/08/19 14:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/08/16 13:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/10 15:37:33 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/10 15:35:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/10 15:35:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/10 15:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/10 15:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/10 15:35:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/10 15:35:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/10 15:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/10 15:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/08/10 13:57:26 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/10 13:57:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/10 13:57:26 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/10 13:57:26 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/10 13:34:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/10 13:23:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/09 17:37:33 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/09 17:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 17:12:23 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 17:04:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 16:32:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/04/21 22:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/10/30 03:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACASystems
[2008/10/30 00:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AnyCapture
[2008/09/18 02:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2008/09/18 02:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/07/06 02:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/04/21 17:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pendulo Studios
[2010/04/19 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/04/19 15:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/04/19 20:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/04/19 15:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
[2008/10/05 02:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/11 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/10/30 03:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\ACASystems
[2008/09/18 01:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Azureus
[2009/02/05 08:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Downloaded Installations
[2008/09/18 01:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Ethereal
[2008/09/18 01:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\FileOpen
[2008/09/18 01:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Final Draft
[2010/05/29 22:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\FrostWire
[2009/07/06 02:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\GetRightToGo
[2008/09/18 01:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\InterTrust
[2008/09/18 01:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\InterVideo
[2009/02/05 08:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Kinko's
[2008/09/18 01:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Learn2.com
[2009/07/06 02:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\NCH Swift Sound
[2008/09/18 00:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\PGP
[2010/04/19 15:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\proDAD
[2008/09/18 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Template
[2008/09/18 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\toshiba
[2008/09/18 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\uqm
[2010/04/19 05:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\uTorrent
[2008/09/18 00:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Viewpoint
[2010/06/13 16:13:49 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/14 18:06:22 | 010,023,933 | ---- | M] () -- C:\1.CAP
[2010/02/10 15:20:32 | 196,670,167 | ---- | M] () -- C:\10.CAP
[2010/02/10 15:26:16 | 098,176,462 | ---- | M] () -- C:\11.CAP
[2010/02/10 15:27:49 | 170,227,453 | ---- | M] () -- C:\12.CAP
[2010/05/14 01:31:49 | 010,023,933 | ---- | M] () -- C:\13.CAP
[2010/05/14 01:32:58 | 099,026,483 | ---- | M] () -- C:\14.CAP
[2010/05/14 01:34:37 | 074,839,324 | ---- | M] () -- C:\15.CAP
[2010/05/14 01:35:37 | 021,648,792 | ---- | M] () -- C:\16.CAP
[2010/05/14 01:36:54 | 100,833,828 | ---- | M] () -- C:\17.CAP
[2010/05/14 01:42:32 | 092,798,895 | ---- | M] () -- C:\18.CAP
[2010/05/12 19:56:39 | 139,348,838 | ---- | M] () -- C:\19.CAP
[2010/05/14 18:06:51 | 099,026,483 | ---- | M] () -- C:\2.CAP
[2010/05/12 19:11:38 | 099,239,089 | ---- | M] () -- C:\20.CAP
[2010/05/12 19:55:21 | 040,684,980 | ---- | M] () -- C:\21.CAP
[2010/05/12 19:21:21 | 261,799,901 | ---- | M] () -- C:\22.CAP
[2010/05/12 19:19:42 | 162,119,826 | ---- | M] () -- C:\23.CAP
[2010/05/12 19:17:38 | 063,087,002 | ---- | M] () -- C:\24.CAP
[2010/05/12 19:15:50 | 045,265,554 | ---- | M] () -- C:\25.CAP
[2010/05/12 19:14:10 | 242,848,345 | ---- | M] () -- C:\26.CAP
[2010/05/12 19:12:37 | 143,768,448 | ---- | M] () -- C:\27.CAP
[2010/02/08 16:48:08 | 097,755,755 | ---- | M] () -- C:\28.CAP
[2010/02/08 16:50:58 | 098,191,220 | ---- | M] () -- C:\29.CAP
[2010/05/14 18:07:35 | 173,865,783 | ---- | M] () -- C:\3.CAP
[2010/02/08 16:52:00 | 098,254,376 | ---- | M] () -- C:\30.CAP
[2010/02/08 16:54:16 | 098,214,040 | ---- | M] () -- C:\31.CAP
[2010/02/09 02:04:10 | 098,564,322 | ---- | M] () -- C:\32.CAP
[2010/02/09 02:05:32 | 183,741,523 | ---- | M] () -- C:\33.CAP
[2010/02/10 15:15:30 | 098,139,361 | ---- | M] () -- C:\34.CAP
[2010/02/10 15:16:49 | 116,770,602 | ---- | M] () -- C:\35.CAP
[2010/02/10 15:18:14 | 098,339,057 | ---- | M] () -- C:\36.CAP
[2010/05/12 19:57:43 | 238,532,363 | ---- | M] () -- C:\37.CAP
[2010/05/12 19:59:01 | 090,398,965 | ---- | M] () -- C:\38.CAP
[2010/05/14 18:07:59 | 021,648,792 | ---- | M] () -- C:\4.CAP
[2010/05/14 18:08:25 | 100,833,828 | ---- | M] () -- C:\5.CAP
[2010/05/14 18:08:41 | 100,833,828 | ---- | M] () -- C:\6.CAP
[2010/05/14 18:09:02 | 100,833,828 | ---- | M] () -- C:\7.CAP
[2010/05/14 18:09:12 | 021,641,631 | ---- | M] () -- C:\8.CAP
[2010/05/14 18:10:00 | 010,898,208 | ---- | M] () -- C:\9.CAP
[2010/02/09 02:38:34 | 001,754,724 | ---- | M] () -- C:\aircrack-ng.exe
[2004/08/09 17:08:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/12 02:49:53 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/08/09 17:08:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/25 10:38:00 | 001,100,288 | ---- | M] () -- C:\cygcrypto-0.9.8.dll
[2008/06/12 10:35:00 | 001,872,884 | ---- | M] (Red Hat) -- C:\cygwin1.dll
[2009/03/01 18:42:00 | 000,066,048 | ---- | M] () -- C:\cygz.dll
[2004/08/09 17:08:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/08/10 14:43:33 | 000,000,835 | -H-- | M] () -- C:\IPH.PH
[2010/06/10 06:44:50 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/09 17:08:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/11/12 14:00:00 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 06:17:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/04/23 17:54:02 | 059,473,816 | ---- | M] () -- C:\OurFunVacation.mpg
[2008/04/23 17:54:06 | 000,000,619 | ---- | M] () -- C:\OurFunVacation.mpg.scn
[2010/06/13 15:48:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 20:38:25 | 000,000,377 | ---- | M] () -- C:\rkill.log
[2010/06/12 03:27:34 | 000,038,192 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_03.27.19_log.txt
[2010/06/12 15:36:41 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.36.28_log.txt
[2010/06/12 15:44:40 | 000,037,278 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.44.26_log.txt
[2010/06/12 15:56:09 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.55.56_log.txt
[2010/06/12 16:17:49 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_16.17.37_log.txt
[2007/10/01 22:02:00 | 000,053,248 | ---- | M] () -- C:\wzcook.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2001/12/13 00:01:00 | 000,027,836 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 09:58:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 09:58:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 09:58:00 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\aircrack-ng.exe:SummaryInformation
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >

Extras:

OTL Extras logfile created on: 6/13/2010 4:15:20 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JeremyNew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 40.89 Gb Free Space | 36.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: JeremyNew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\Final Draft 7\Final Draft.exe" = C:\Program Files\Final Draft 7\Final Draft.exe:*:Enabled:Final Draft -- (Final Draft Inc.)
"C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe" = C:\Program Files\FiSTiNG4FUN\Commview for Wifi\CommViewWiFi\WEPdecoder.exe:*:Enabled:WEP key recovery -- (TamoSoft)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI card Driver
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek Fast Ethernet Adapter Driver
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD961D56-DCEE-415C-978C-62317C206826}" = Commview for Wifi
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{BA561482-C49D-4687-A61C-96236C1688F0}" = ArcSoft Software Suite
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cb7d100f-d1e8-46d7-93fc-f5c838c928c4}" = Nero 9 Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EDF04509-B350-4EAB-BE77-5F2C87C33B35}_is1" = MPEG Video Wizard DVD 4.0.4.114 (06/2009)
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.3 SP1
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC12A400-77D8-430A-90A6-3DC74DF78F55}" = I-Faker Desktop Pro
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Alabaster" = Alabaster
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video to 3GP Converter_is1" = Allok Video to 3GP Converter 6.2.0603
"AT&T Connection Services Software" = AT&T Connection Services Manager
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"DVDGenie" = DVD Genie (remove only)
"ERUNT_is1" = ERUNT 1.1j
"EzButton" = Easy Button
"FrostWire" = FrostWire 4.17.0
"GenoPro" = GenoPro
"GenoPro Beta" = GenoPro Beta
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1485ABFA-12D7-4107-9148-54EE30CDBA67}" = Samsung USB Driver (MCCI 4.16)
"InstallShield_{49188E15-9B2E-4913-9107-A5D01821AC68}" = TouchPad On/Off Utility
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}" = SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
"InstallShield_{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}" = TOSHIBA Hotkey Utility
"InstallShield_{F16086C2-21CD-42CE-9EC8-2E5302D010B2}" = TOSHIBA Power Management Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mpeg Video Wizard DVD" = MPEG Video Wizard DVD 4.0.4.111 (12/2008)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer" = Notebook Maximizer
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"RUNAWAY: A TWIST OF FATE (en)" = RUNAWAY: A TWIST OF FATE (English)
"Skype_is1" = Skype 2.5
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TOSHIBA Access" = TOSHIBA Access
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"uTorrent" = µTorrent
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2010 9:32:23 PM | Computer Name = - | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 8:05:38 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00009e32.

Error - 1/22/2010 8:05:47 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 1/22/2010 8:08:42 PM | Computer Name = - | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/22/2010 8:08:48 PM | Computer Name = - | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 1/22/2010 8:12:11 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00009e32.

Error - 1/22/2010 8:12:21 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 1/22/2010 8:12:31 PM | Computer Name = - | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 1/22/2010 8:14:07 PM | Computer Name = - | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00009e32.

Error - 1/22/2010 8:14:10 PM | Computer Name = - | Source = Application Error | ID = 1001
Description = Fault bucket 1228329324.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#2 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 13 June 2010 - 05:55 PM

Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send a message to me on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (Asynaeos)
    DRV - [2010/06/11 20:39:03 | 000,054,016 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\afyd.sys -- (glcao)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1038
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 1038
    FF - prefs.js..network.proxy.type: 4
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\Shell\AutoRun\command - "" = D:\INSTALL.EXE -- File not found
    O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
    [2010/06/12 01:15:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gtaviri.dat
    [2010/06/12 01:04:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Hlazu.bin
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]


  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



NEXT:



Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running the OTL Fix.
3. The log that is produced after running the ComboFix scan.
4. An update on how your computer is currently running.


It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
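
The two proxy entries in the OTL fix above (IE "ProxyServer" = http=127.0.0.1:1038 and the matching Firefox network.proxy.http / http_port prefs) are what keeps a search redirect alive after the dropper itself has been removed: the browser is told to send every HTTP request through a process listening on the loopback interface, and that process rewrites the search results. The script below is an added example, not part of SweetTech's post and not OTL or ComboFix code. It reads either OTL-style log lines or raw Firefox prefs.js user_pref() lines and flags any proxy whose host is loopback (127.0.0.0/8, ::1 or localhost), which goes slightly beyond the page in also handling IPv6 loopback and the multi-scheme "http=...;https=..." form of the IE value. The sample lines are constructed for the example (the corporate proxy hostname is made up), and the function names are the example's own.

```python
"""Flag browser proxy settings that point at the loopback interface.

Handles OTL log/fix lines (IE "ProxyServer" values, FF prefs.js..network.proxy.*)
and raw Firefox prefs.js user_pref() lines.
"""
import re
from ipaddress import ip_address
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample (not from the original post): IE and Firefox proxy lines in
# the style of the OTL fix, the same Firefox prefs as raw prefs.js lines, and a
# made-up corporate proxy that must not be flagged.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1038',
    'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    'FF - prefs.js..network.proxy.http_port: 1038',
    'FF - prefs.js..network.proxy.type: 4',
    'user_pref("network.proxy.http", "127.0.0.1");',
    'user_pref("network.proxy.http_port", 1038);',
    'user_pref("network.proxy.type", 1);',
    r'IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:3128',
]

IE_RE = re.compile(r'"ProxyServer"\s*=\s*"?(?P<value>[^"\s]+)')
# Per-scheme keys plus the mode key; share_proxy_settings, socks_version etc. are skipped.
FF_RE = re.compile(r'network\.proxy\.(?P<key>http|ssl|ftp|socks|type)(?P<port>_port)?(?![a-z_])')


class Finding(NamedTuple):
    source: str   # "IE" or "Firefox"
    scheme: str   # http, ssl, socks, ... or "all" for an unscoped IE value
    host: str
    port: str


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (brackets around IPv6 ignored)."""
    h = host.strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ip_address(h).is_loopback
    except ValueError:        # a DNS name: not loopback as far as we can tell
        return False


def parse_ie_proxy_server(value: str) -> List[Tuple[str, str, str]]:
    """Split 'host:port' or 'http=host:port;https=host:port' into (scheme, host, port)."""
    out = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                       # unscoped value applies to all protocols
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:                      # no port given
            host, port = hostport, ""
        out.append((scheme.lower(), host, port))
    return out


def _first_token(rest: str) -> str:
    """Value after a pref key, in either ': "v"' (OTL) or '", v);' (prefs.js) form."""
    m = re.match(r'[^"\s);]+', rest.lstrip(' \t:",='))
    return m.group(0) if m else ""


def find_loopback_proxies(lines) -> Tuple[List[Finding], Optional[int]]:
    """Loopback proxy findings plus the last Firefox network.proxy.type seen
    (1 = manual proxy, the mode in which a per-scheme proxy is actually used)."""
    findings: List[Finding] = []
    ff: dict = {}                         # scheme -> {"host": ..., "port": ...}
    ff_type: Optional[int] = None
    for line in lines:
        m = IE_RE.search(line)
        if m:
            findings += [Finding("IE", s, h, p) for s, h, p in
                         parse_ie_proxy_server(m.group("value")) if is_loopback(h)]
            continue
        m = FF_RE.search(line)
        if not m:
            continue
        val = _first_token(line[m.end():])
        if m.group("key") == "type":
            ff_type = int(val) if val.isdigit() else ff_type
        else:
            ff.setdefault(m.group("key"), {})["port" if m.group("port") else "host"] = val
    for scheme, cfg in ff.items():
        if is_loopback(cfg.get("host", "")):
            findings.append(Finding("Firefox", scheme, cfg["host"], cfg.get("port", "")))
    return findings, ff_type


if __name__ == "__main__":
    found, mode = find_loopback_proxies(SAMPLE_LINES)
    for f in found:
        print(f"{f.source}: {f.scheme} proxy -> {f.host}:{f.port}  (loopback; remove unless you set it)")
    print(f"Firefox network.proxy.type = {mode}" + ("  (manual proxy)" if mode == 1 else ""))
```

Run it against a pasted OTL log or a copy of prefs.js (one line per list entry). A loopback proxy that you did not configure yourself is a removal target; a proxy on a real corporate host is not, so the script deliberately reports only loopback hosts rather than every proxy it sees. Clearing the settings is what the OTL fix does (IE ProxyServer emptied, the three Firefox prefs removed); re-running the check afterwards confirms nothing re-added them on reboot.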

#3 NeoLux

  • Group: Member
  • Posts: 5
  • Joined: 13-June 10

Posted 13 June 2010 - 06:59 PM

Hi, SweetTech --

(1) Thank you so enormously for your ultra-valuable help, my friend! I deeply appreciate your time and your wisdom.

In CliffsNotes summary, the Google Redirect problem went away after I ran your OTL fix! :-D I'm still sending you everything you asked for in case you see anything else that we should fix!


(2) OTL

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service Asynaeos stopped successfully!
Service Asynaeos deleted successfully!
Service glcao stopped successfully!
Service glcao deleted successfully!
C:\WINDOWS\system32\drivers\afyd.sys moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 1038 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c331bb1-4a79-11d9-aa25-806d6172696f}\ not found.
File D:\INSTALL.EXE not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\comfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\WINDOWS\Gtaviri.dat moved successfully.
C:\WINDOWS\Hlazu.bin moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeremy

User: JeremyNew
->Temp folder emptied: 53691655 bytes
->Temporary Internet Files folder emptied: 53558328 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3856605 bytes
->Apple Safari cache emptied: 53449 bytes
->Flash cache emptied: 1871 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 71472 bytes
->Temporary Internet Files folder emptied: 383555 bytes
->Flash cache emptied: 3823 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 29308943 bytes

Total Files Cleaned = 135.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Jeremy

User: JeremyNew
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06132010_170210

Files\Folders moved on Reboot...
C:\Documents and Settings\JeremyNew\Local Settings\Temporary Internet Files\Content.IE5\NVB7VJ9B\iframe[3].htm moved successfully.
C:\Documents and Settings\JeremyNew\Local Settings\Temporary Internet Files\Content.IE5\DOBLRDV1\Google-Redirect-lingering-after-Defense-Center-removal-t279447[2].html moved successfully.

Registry entries deleted on Reboot...


(3) ComboFix

ComboFix 10-06-13.01 - JeremyNew 06/13/2010 17:31:00.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.959 [GMT -7:00]
Running from: c:\documents and settings\JeremyNew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JeremyNew\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 00:02 . 2010-06-14 00:02 -------- d-----w- C:\_OTL
2010-06-12 23:30 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-12 10:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 10:19 . 2010-06-12 10:19 -------- d-----w- C:\_OTM
2010-06-12 10:04 . 2010-06-12 10:04 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com
2010-06-12 10:04 . 2010-06-12 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-12 10:02 . 2010-06-12 10:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-12 08:54 . 2010-06-12 08:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-12 08:44 . 2010-06-12 08:45 -------- d-----w- c:\program files\ERUNT
2010-06-12 08:22 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-10 10:03 . 2010-06-11 17:59 -------- d-----w- c:\documents and settings\JeremyNew\Local Settings\Application Data\dpevcaity
2010-06-10 10:02 . 2010-06-11 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-04 10:00 . 2010-06-04 10:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-05-28 06:20 . 2010-05-29 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 10:30 . 2010-06-12 10:30 63488 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-12 10:30 . 2010-06-12 10:30 52224 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-12 10:30 . 2010-06-12 10:30 117760 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-12 10:28 . 2004-08-09 23:26 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-12 08:22 . 2010-06-12 08:22 503808 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\msvcp71.dll
2010-06-12 08:22 . 2010-06-12 08:22 499712 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\jmc.dll
2010-06-12 08:22 . 2010-06-12 08:22 348160 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\msvcr71.dll
2010-06-12 08:22 . 2010-06-12 08:22 61440 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-263f58b5-n\decora-sse.dll
2010-06-12 08:22 . 2010-06-12 08:22 12800 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-263f58b5-n\decora-d3d.dll
2010-06-12 08:22 . 2004-08-13 17:54 -------- d-----w- c:\program files\Java
2010-06-12 07:15 . 2010-03-03 10:34 0 ----a-w- c:\documents and settings\JeremyNew\Local Settings\Application Data\prvlcl.dat
2010-06-10 13:44 . 2009-10-22 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 10:06 . 2010-01-24 05:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:46 . 2010-05-07 21:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\Skype
2010-05-30 05:11 . 2008-09-18 08:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\FrostWire
2010-05-28 06:30 . 2004-08-10 22:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-28 06:23 . 2010-05-28 06:23 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-08 02:44 . 2010-05-08 02:44 57792 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 21:01 . 2010-05-07 21:01 -------- d-----w- c:\program files\Skype
2010-05-06 10:41 . 2004-08-09 23:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-09 23:28 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-10-22 18:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-10-22 18:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 21:12 . 2008-09-18 08:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\Apple Computer
2010-04-22 21:11 . 2010-04-22 21:11 -------- d-----w- c:\program files\Safari
2010-04-22 21:10 . 2010-04-22 21:09 -------- d-----w- c:\program files\QuickTime
2010-04-22 21:09 . 2010-04-22 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\program files\Apple Software Update
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-22 00:34 . 2010-04-22 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Pendulo Studios
2010-04-21 12:53 . 2010-04-21 12:53 -------- d-----w- c:\program files\Pendulo Studios
2010-04-20 05:30 . 2004-08-09 23:26 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 03:37 . 2010-04-19 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2010-04-20 00:14 . 2010-04-20 00:14 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\DivX
2010-04-19 23:39 . 2008-09-18 05:54 76080 ----a-w- c:\documents and settings\JeremyNew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 22:38 . 2010-04-19 22:38 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\proDAD
2010-04-19 22:38 . 2010-04-19 22:38 -------- d-----w- c:\program files\proDAD
2010-04-19 22:37 . 2010-04-19 22:36 -------- d-----w- c:\program files\Boris FX, Inc
2010-04-19 22:36 . 2004-08-10 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 22:35 . 2010-04-19 22:21 -------- d-----w- c:\program files\Pinnacle
2010-04-19 22:32 . 2010-04-19 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-04-19 22:31 . 2010-04-19 22:31 29926 ----a-r- c:\documents and settings\JeremyNew\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2010-04-19 22:30 . 2010-04-19 22:30 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 12
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2010-04-19 12:02 . 2010-04-04 23:03 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\uTorrent
2010-04-13 20:04 . 2010-04-12 22:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 638976]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-20 135168]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 53248]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"EzButton"="c:\program files\EzButton\EzButton.EXE" [2004-05-14 712704]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-1 113664]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-8-10 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Final Draft 7\\Final Draft.exe"=
"c:\\Program Files\\FiSTiNG4FUN\\Commview for Wifi\\CommViewWiFi\\WEPdecoder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service;c:\windows\system32\drivers\ts_athw.sys [2/7/2010 9:49 PM 1351104]
S2 mrtRate;mrtRate; [x]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [11/2/2008 7:29 PM 39048]
S3 mercury;mercury;\??\c:\windows\system32\mercury.sys --> c:\windows\system32\mercury.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-skb - dpkgtceo.dll
MSConfigStartUp-Tvakanedevacu - c:\windows\vsersdb.dll
AddRemove-DVDGenie - c:\program files\DVD Genie\uninst-dvdgenie.exe
AddRemove-GenoPro Beta - c:\program files\GenoPro Beta\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 17:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\ACS.exe
c:\windows\system32\brss01a.exe
c:\program files\Toshiba\Power Management\CeEPwrSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\toshiba\Ivp\Swupdate\swupdtmr.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-06-13 17:46:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 00:46

Pre-Run: 43,945,885,696 bytes free
Post-Run: 43,844,726,784 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 88CAD4BB2421A49BD15BFB7A60BFEC98


(4) As I said before, the Google Redirect issue is gone, and nothing else unexpected has popped up in the past five minutes. :-)

With all my deepest thanks,

NeoLux

#4 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 13 June 2010 - 07:07 PM

Hello,

The reason you were being redirected was because your hosts file was hijacked. I'd like for you to do a few more scans for me to make sure that nothing else is hiding anywhere else.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\documents and settings\JeremyNew\Local Settings\Application Data\dpevcaity

Driver::
mrtRate


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware

  • Select the Update tab

  • Click Check for Updates

  • After the update has been completed, select the Scanner tab.

  • Select Perform quick scan, then click on Scan

  • Leave the default options as they are and click on Start Scan

  • When done, you will be prompted. Click OK, then click on Show Results

  • Check (tick) all items and click on Remove Selected

  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan:
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.




NEXT:


Please make sure you include the following items in your next post:
1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the ComboFix scan.
3. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
4. The log that was produced after running the ESET Online Virus Scanner.
5. The log that was produced after running the OTL scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
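
SweetTech attributes the redirect to a hijacked hosts file, and the fix in this thread is left to ComboFix. For anyone who wants to see what such a hijack looks like before running a removal tool, the following is an added example written for this thread (it is not ComboFix's, OTL's or the forum's own code). It parses a hosts file and flags the two shapes a redirect hijack takes: a search-engine or security-vendor domain pinned to an address other than loopback (a redirect), a security-vendor domain pinned to loopback (an update block), and many names pinned to one address. Python is used because it runs anywhere the file can be copied to; the watched-domain list is an assumption to be tuned, and the sample hosts content at the bottom is constructed with documentation placeholder addresses, not values taken from the logs above.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example for this thread, not ComboFix's, OTL's or the forum's own
code.  SAMPLE_HOSTS is constructed; its addresses are documentation
placeholders (TEST-NET-1), not values from any log in the thread.
"""
import ipaddress
import os
from collections import defaultdict

# Domains that a home machine has no business pinning in its hosts file.
# A search engine mapped to a foreign address is a redirect; a security
# vendor mapped to loopback blocks updates.  Assumed list: extend it.
WATCHED_DOMAINS = {
    "google.com", "bing.com", "yahoo.com",
    "malwarebytes.org", "microsoft.com", "windowsupdate.com",
    "geekstogo.com",
}

CLUSTER_THRESHOLD = 3  # distinct names on one non-loopback IP before flagging


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping; ip is None if malformed."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not body:
            continue
        ip, *names = body.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            yield line_no, None, body  # report, do not silently skip
            continue
        for name in names:
            yield line_no, ip, name.lower().rstrip(".")


def _is_watched(host):
    """True when host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return findings as dicts with keys line, ip, host, reason."""
    findings = []
    names_per_ip = defaultdict(set)
    for line_no, ip, host in parse_hosts(text):
        if ip is None:
            findings.append({"line": line_no, "ip": None, "host": host,
                             "reason": "malformed entry"})
            continue
        addr = ipaddress.ip_address(ip)
        sinkhole = addr.is_loopback or addr.is_unspecified
        if not sinkhole:
            names_per_ip[ip].add(host)
        if _is_watched(host):
            reason = ("watched domain blackholed to loopback" if sinkhole
                      else "watched domain redirected to " + ip)
            findings.append({"line": line_no, "ip": ip, "host": host,
                             "reason": reason})
    # Many unrelated names on one address is the signature of a bulk hijack.
    for ip, hosts in names_per_ip.items():
        if len(hosts) >= CLUSTER_THRESHOLD:
            findings.append({"line": None, "ip": ip,
                             "host": ", ".join(sorted(hosts)),
                             "reason": f"{len(hosts)} names pinned to one address"})
    return findings


def windows_hosts_path():
    """Default hosts path on Windows; falls back to the POSIX location."""
    root = os.environ.get("SystemRoot")
    if root:
        return os.path.join(root, "system32", "drivers", "etc", "hosts")
    return "/etc/hosts"


# Constructed sample: what a redirect hijack looks like in the file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# constructed sample; 192.0.2.x are placeholder addresses
127.0.0.1       localhost
192.0.2.10      www.google.com google.com   # search traffic diverted
192.0.2.10      www.bing.com
127.0.0.1       www.malwarebytes.org        # vendor site blocked
10.0.0.5        printer.lan                 # benign local mapping
not-an-ip       bogus
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        where = f"line {f['line']}" if f["line"] else "cluster"
        print(f"{where}: {f['host']} -> {f['reason']}")
```

To check a live machine, replace `SAMPLE_HOSTS` with the contents of `windows_hosts_path()`; a clean XP hosts file contains only the `localhost` line plus comments, so any finding at all is worth a look. Entries that map a domain to loopback are a deliberate choice in some ad-blocking setups, which is why the script reports the reason rather than deciding for you.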

#5 NeoLux

  • Group: Member
  • Posts: 5
  • Joined: 13-June 10

Posted 14 June 2010 - 02:49 AM

Hi, SweetTech --

(1) Thank you so much for your assistance, sir! Ha, it looks like ESET found a few trojans--I'm including everything for you in the logs below. :-)

(2) ComboFix

ComboFix 10-06-13.01 - JeremyNew 06/13/2010 18:14:20.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.944 [GMT -7:00]
Running from: c:\documents and settings\JeremyNew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JeremyNew\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JeremyNew\Local Settings\Application Data\dpevcaity

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRTRATE
-------\Service_mrtRate


((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 00:02 . 2010-06-14 00:02 -------- d-----w- C:\_OTL
2010-06-12 23:30 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-12 10:34 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-12 10:19 . 2010-06-12 10:19 -------- d-----w- C:\_OTM
2010-06-12 10:04 . 2010-06-12 10:04 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com
2010-06-12 10:04 . 2010-06-12 10:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-12 10:02 . 2010-06-12 10:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-12 08:54 . 2010-06-12 08:54 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-12 08:44 . 2010-06-12 08:45 -------- d-----w- c:\program files\ERUNT
2010-06-12 08:22 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-10 10:02 . 2010-06-11 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-04 10:00 . 2010-06-04 10:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-05-28 06:20 . 2010-05-29 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 10:30 . 2010-06-12 10:30 63488 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-12 10:30 . 2010-06-12 10:30 52224 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-12 10:30 . 2010-06-12 10:30 117760 ----a-w- c:\documents and settings\JeremyNew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-12 10:28 . 2004-08-09 23:26 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2010-06-12 08:22 . 2010-06-12 08:22 503808 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\msvcp71.dll
2010-06-12 08:22 . 2010-06-12 08:22 499712 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\jmc.dll
2010-06-12 08:22 . 2010-06-12 08:22 348160 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-120df49f-n\msvcr71.dll
2010-06-12 08:22 . 2010-06-12 08:22 61440 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-263f58b5-n\decora-sse.dll
2010-06-12 08:22 . 2010-06-12 08:22 12800 ----a-w- c:\documents and settings\JeremyNew\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-263f58b5-n\decora-d3d.dll
2010-06-12 08:22 . 2004-08-13 17:54 -------- d-----w- c:\program files\Java
2010-06-12 07:15 . 2010-03-03 10:34 0 ----a-w- c:\documents and settings\JeremyNew\Local Settings\Application Data\prvlcl.dat
2010-06-10 13:44 . 2009-10-22 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 10:06 . 2010-01-24 05:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 19:46 . 2010-05-07 21:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\Skype
2010-05-30 05:11 . 2008-09-18 08:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\FrostWire
2010-05-28 06:30 . 2004-08-10 22:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-28 06:23 . 2010-05-28 06:23 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-08 02:44 . 2010-05-08 02:44 57792 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 21:01 . 2010-05-07 21:01 -------- d-----w- c:\program files\Skype
2010-05-06 10:41 . 2004-08-09 23:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-09 23:28 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2009-10-22 18:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-10-22 18:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 21:12 . 2008-09-18 08:01 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\Apple Computer
2010-04-22 21:11 . 2010-04-22 21:11 -------- d-----w- c:\program files\Safari
2010-04-22 21:10 . 2010-04-22 21:09 -------- d-----w- c:\program files\QuickTime
2010-04-22 21:09 . 2010-04-22 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\program files\Apple Software Update
2010-04-22 21:08 . 2010-04-22 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-22 00:34 . 2010-04-22 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Pendulo Studios
2010-04-21 12:53 . 2010-04-21 12:53 -------- d-----w- c:\program files\Pendulo Studios
2010-04-20 05:30 . 2004-08-09 23:26 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 03:37 . 2010-04-19 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2010-04-20 00:14 . 2010-04-20 00:14 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\DivX
2010-04-19 23:39 . 2008-09-18 05:54 76080 ----a-w- c:\documents and settings\JeremyNew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 22:38 . 2010-04-19 22:38 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\proDAD
2010-04-19 22:38 . 2010-04-19 22:38 -------- d-----w- c:\program files\proDAD
2010-04-19 22:37 . 2010-04-19 22:36 -------- d-----w- c:\program files\Boris FX, Inc
2010-04-19 22:36 . 2004-08-10 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 22:35 . 2010-04-19 22:21 -------- d-----w- c:\program files\Pinnacle
2010-04-19 22:32 . 2010-04-19 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-04-19 22:31 . 2010-04-19 22:31 29926 ----a-r- c:\documents and settings\JeremyNew\Application Data\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2010-04-19 22:30 . 2010-04-19 22:30 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 12
2010-04-19 22:21 . 2010-04-19 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2010-04-19 12:02 . 2010-04-04 23:03 -------- d-----w- c:\documents and settings\JeremyNew\Application Data\uTorrent
2010-04-13 20:04 . 2010-04-12 22:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 638976]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-20 135168]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 53248]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"EzButton"="c:\program files\EzButton\EzButton.EXE" [2004-05-14 712704]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 159744]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-1 113664]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-8-10 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Final Draft 7\\Final Draft.exe"=
"c:\\Program Files\\FiSTiNG4FUN\\Commview for Wifi\\CommViewWiFi\\WEPdecoder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service;c:\windows\system32\drivers\ts_athw.sys [2/7/2010 9:49 PM 1351104]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [11/2/2008 7:29 PM 39048]
S3 mercury;mercury;\??\c:\windows\system32\mercury.sys --> c:\windows\system32\mercury.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-10 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 18:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2020)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\ACS.exe
c:\windows\system32\brss01a.exe
c:\program files\Toshiba\Power Management\CeEPwrSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\toshiba\Ivp\Swupdate\swupdtmr.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-06-13 18:28:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-14 01:28
ComboFix2.txt 2010-06-14 00:46

Pre-Run: 43,828,899,840 bytes free
Post-Run: 43,833,409,536 bytes free

- - End Of File - - BFC4A48C99D9B360D043A20E3E96F58E



(3) MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4195

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2010 6:40:16 PM
mbam-log-2010-06-13 (18-40-16).txt

Scan type: Quick scan
Objects scanned: 133064
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



(4) ESET

C:\Documents and Settings\JeremyNew\Desktop\Everything on the Desktop\stats\ac\bin\airodump-ng.exe probably a variant of Win32/Agent trojan
C:\Documents and Settings\JeremyNew\Desktop\TurboTax 2009 Home & Business + eFile\setup.exe probably a variant of Win32/TrojanClicker.Agent trojan
C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Identities\{A2D18F0A-A73D-4174-B402-64127818E88A}\Microsoft\Outlook Express\Deleted Items.dbx HTML/Phishing.gen trojan
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP511\A0274764.exe Win32/Agent.QTP trojan
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP526\A0276828.exe Win32/Toolbar.AskSBar application
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP572\A0295424.sys a variant of Win32/Rootkit.Kryptik.AZ trojan
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP575\A0295747.exe Win32/Adware.Lifze.J application
C:\System Volume Information\_restore{AA6C8498-140E-441D-9DDE-0826BE9E5F33}\RP575\A0295748.exe Win32/Adware.Lifze.J application

(5) OTL

OTL logfile created on: 6/14/2010 12:44:18 AM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\JeremyNew\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 40.73 Gb Free Space | 36.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: -
Current User Name: JeremyNew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/04/13 17:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/19 18:14:28 | 000,135,168 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CePMTray.exe
PRC - [2004/07/07 15:16:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/06/23 05:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
PRC - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/06/14 05:00:08 | 000,638,976 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\E-KEY\CeEKey.exe
PRC - [2004/05/14 10:29:50 | 000,712,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files\EzButton\EzButton.EXE
PRC - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
PRC - [2004/03/14 20:17:54 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\Toshiba\TouchPad\TPTray.exe
PRC - [2004/02/03 14:47:06 | 001,089,589 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PRC - [2003/10/20 09:39:26 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\Ivp\ISM\pinger.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 11:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/10/05 01:48:37 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2004/07/07 15:16:24 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/06/23 05:07:58 | 000,036,960 | ---- | M] (COMPAL ELECTRONIC INC.) [Auto | Running] -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe -- (CeEPwrSvc)
SRV - [2004/06/16 16:44:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/05/13 14:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\Ivp\Swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/04/01 23:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)
SRV - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/06/03 23:05:00 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/05/07 20:57:48 | 001,351,104 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ts_athw.sys -- (TS_AR5416)
DRV - [2008/01/21 13:58:46 | 000,558,624 | ---- | M] (TamoSoft) [CommView] Atheros Wireless Network Adapter Service [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/07 16:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 16:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/02 15:51:08 | 000,004,224 | ---- | M] (Compal Electronic Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hkdrv.sys -- (EPOWER)
DRV - [2004/08/19 14:03:08 | 000,005,248 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ECioctl.sys -- (SrvcEPECioctl)
DRV - [2004/08/10 13:55:11 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/30 15:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2004/07/30 15:05:06 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPIOMngr.sys -- (SrvcTPIOMngr)
DRV - [2004/07/30 15:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EPIOMngr.sys -- (SrvcEPIOMngr)
DRV - [2004/07/30 15:05:04 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EKIOMngr.sys -- (SrvcEKIOMngr)
DRV - [2004/07/12 13:48:08 | 000,036,480 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2004/07/12 13:48:02 | 000,330,624 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2004/06/25 10:37:22 | 000,058,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2004/06/21 16:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/05/08 20:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/04/21 23:11:06 | 000,729,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/02/20 15:00:44 | 001,265,388 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/01/30 10:32:32 | 000,090,480 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/01/12 17:05:58 | 000,017,497 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/10/15 17:48:00 | 000,082,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2003/10/15 17:48:00 | 000,006,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2003/10/15 17:47:00 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/13 15:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/06/11 08:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/04/23 15:06:40 | 000,013,174 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atisgkaf.sys -- (caboagp)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/11/28 22:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/22 15:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/12 01:22:32 | 000,000,000 | ---D | M]

[2010/04/19 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Extensions
[2010/06/12 19:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\extensions
[2010/04/21 21:43:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JeremyNew\Application Data\Mozilla\Firefox\Profiles\z8kam7zy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 19:10:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 01:22:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/13 18:21:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [CeEKEY] C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JeremyNew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/09 17:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/09 17:07:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/13 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/13 18:18:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/13 18:13:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/13 17:28:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/13 17:24:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/13 17:24:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/13 17:24:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/13 17:24:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/13 17:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/13 17:02:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/13 02:28:40 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
[2010/06/12 16:30:55 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/06/12 15:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix Backups
[2010/06/12 15:35:14 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix.exe
[2010/06/12 03:34:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/12 03:21:30 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\JeremyNew\Desktop\123awesome.exe
[2010/06/12 03:19:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/06/12 03:16:20 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTM.exe
[2010/06/12 03:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\Application Data\SUPERAntiSpyware.com
[2010/06/12 03:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/12 03:02:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/12 02:44:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/06/12 01:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/12 01:45:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/12 01:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/12 01:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/12 01:22:32 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/12 01:22:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/12 01:22:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/12 01:22:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/12 00:23:56 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\TFC.exe
[2010/06/10 03:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/10 03:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/10 03:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/05/27 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/18 19:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeremyNew\My Documents\My Skype Content
[2004/08/19 14:00:02 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\ECioctl.dll

========== Files - Modified Within 30 Days ==========

[2010/06/13 18:26:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/13 18:21:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 18:21:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/13 18:20:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 18:20:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 18:19:18 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\JeremyNew\NTUSER.DAT
[2010/06/13 18:19:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\JeremyNew\ntuser.ini
[2010/06/13 17:28:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/13 17:21:34 | 003,707,422 | R--- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\ComboFix.exe
[2010/06/13 02:28:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTL.exe
[2010/06/12 17:32:00 | 000,243,474 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_04a_10.02.15_HOW_TO_REHEARSE.pdf
[2010/06/12 17:29:27 | 009,323,248 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_02_15_SECOND_PRINCIPLE.pdf
[2010/06/12 15:35:18 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\JeremyNew\Desktop\GooredFix.exe
[2010/06/12 14:49:41 | 000,259,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 04:21:48 | 000,000,649 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/12 04:20:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/12 04:06:33 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 04:06:33 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 04:06:33 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 03:42:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/12 03:16:20 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\OTM.exe
[2010/06/12 03:15:10 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\fix.reg
[2010/06/12 03:03:01 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/12 02:49:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/12 02:06:53 | 000,000,073 | ---- | M] () -- C:\WINDOWS\data6.set
[2010/06/12 02:04:00 | 002,643,702 | -H-- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\IconCache.db
[2010/06/12 01:54:20 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/12 01:53:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/12 01:44:07 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\NTREGOPT.lnk
[2010/06/12 01:44:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\ERUNT.lnk
[2010/06/12 00:23:56 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeremyNew\Desktop\TFC.exe
[2010/06/12 00:15:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Local Settings\Application Data\prvlcl.dat
[2010/06/12 00:12:49 | 000,062,382 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_06_IN_THE_LOOP.pdf
[2010/06/12 00:12:23 | 000,070,774 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10c_10_SC4P_SHIT_MY_DAD_SAYS_Henry_Revised_(A.Rose).pdf
[2010/06/12 00:12:11 | 000,114,110 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10b_10_SC1P_SHIT_MY_DAD_SAYS_full_script.pdf
[2010/06/12 00:12:05 | 000,021,954 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10a_10_SC1P_SHIT_MY_DAD_SAYS_bd.pdf
[2010/06/11 16:58:37 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.com
[2010/06/11 16:55:00 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.exe
[2010/06/07 15:41:32 | 000,050,882 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Anniversary Party Scene.pdf
[2010/06/03 04:12:35 | 000,109,182 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Full_Script.pdf
[2010/06/03 04:12:29 | 000,048,318 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Gracie_(K.Cassidy).pdf
[2010/06/03 04:12:16 | 000,034,830 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08b_YOU_SEND_ME.pdf
[2010/06/03 04:12:12 | 000,033,883 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08a_SUDDENLY_SUSAN.pdf
[2010/06/03 04:10:45 | 000,260,220 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\How_to_make_a_post_on_the_submissions_blog_5.pdf
[2010/05/31 10:41:00 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\JeremyNew\Desktop\123awesome.exe
[2010/05/29 22:09:13 | 000,020,582 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\stan_lee.jpg
[2010/05/29 22:08:06 | 000,021,799 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\sc0000b304.jpg
[2010/05/29 22:02:22 | 000,135,735 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\2481043297_1f12ed170a.jpg
[2010/05/29 22:01:17 | 000,008,396 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\stan-lees-autograph-paying-200X200.jpg
[2010/05/27 23:43:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/27 15:30:49 | 000,029,809 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\policySummary.xhtml
[2010/05/26 00:44:28 | 000,029,910 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\csi_greg_nobler.pdf
[2010/05/26 00:28:36 | 000,065,417 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Conner.pdf
[2010/05/26 00:26:28 | 000,032,933 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Jesse_Male_Teen.pdf
[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/20 18:32:46 | 000,506,843 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\High School Confidential.pdf
[2010/05/19 17:54:40 | 000,090,708 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Attachment_Agreement.pdf
[2010/05/18 21:03:18 | 000,022,021 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\744px-Flag_of_Zaire_svg.png
[2010/05/18 19:52:39 | 041,408,878 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Go Your Own Way.mp4
[2010/05/18 19:45:45 | 025,692,766 | ---- | M] () -- C:\Documents and Settings\JeremyNew\Desktop\Lost in Translation.mp4

========== Files Created - No Company Name ==========

[2010/06/13 17:28:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/13 17:28:18 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/13 17:24:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/13 17:24:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/13 17:24:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/13 17:24:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/13 17:24:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/13 17:21:34 | 003,707,422 | R--- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\ComboFix.exe
[2010/06/13 02:53:31 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\gmer.exe
[2010/06/12 17:31:59 | 000,243,474 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_04a_10.02.15_HOW_TO_REHEARSE.pdf
[2010/06/12 17:28:51 | 009,323,248 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_02_15_SECOND_PRINCIPLE.pdf
[2010/06/12 03:15:09 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\fix.reg
[2010/06/12 03:03:01 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/12 01:59:51 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/12 01:54:19 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/12 01:44:07 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\NTREGOPT.lnk
[2010/06/12 01:44:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\ERUNT.lnk
[2010/06/12 01:39:01 | 000,000,073 | ---- | C] () -- C:\WINDOWS\data6.set
[2010/06/12 00:26:23 | 000,021,954 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10a_10_SC1P_SHIT_MY_DAD_SAYS_bd.pdf
[2010/06/12 00:12:49 | 000,062,382 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_06_IN_THE_LOOP.pdf
[2010/06/12 00:12:23 | 000,070,774 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10c_10_SC4P_SHIT_MY_DAD_SAYS_Henry_Revised_(A.Rose).pdf
[2010/06/12 00:12:11 | 000,114,110 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk3_10b_10_SC1P_SHIT_MY_DAD_SAYS_full_script.pdf
[2010/06/11 16:58:27 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.com
[2010/06/11 16:54:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\rkill.exe
[2010/06/07 15:36:55 | 000,050,882 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Anniversary Party Scene.pdf
[2010/06/03 04:12:34 | 000,109,182 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Full_Script.pdf
[2010/06/03 04:12:29 | 000,048,318 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_09a_10_SC4P_UNTITLED_PETER_KNIGHT_Gracie_(K.Cassidy).pdf
[2010/06/03 04:12:16 | 000,034,830 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08b_YOU_SEND_ME.pdf
[2010/06/03 04:12:12 | 000,033,883 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\wk2_08a_SUDDENLY_SUSAN.pdf
[2010/06/03 04:11:06 | 000,260,220 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\How_to_make_a_post_on_the_submissions_blog_5.pdf
[2010/05/29 22:10:13 | 000,008,396 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\stan-lees-autograph-paying-200X200.jpg
[2010/05/29 22:09:58 | 000,021,799 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\sc0000b304.jpg
[2010/05/29 22:09:40 | 000,135,735 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\2481043297_1f12ed170a.jpg
[2010/05/29 22:09:27 | 000,020,582 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\stan_lee.jpg
[2010/05/27 23:31:01 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/27 15:30:49 | 000,029,809 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\policySummary.xhtml
[2010/05/26 00:44:28 | 000,029,910 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\csi_greg_nobler.pdf
[2010/05/26 00:31:47 | 000,065,417 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Conner.pdf
[2010/05/26 00:31:36 | 000,032,933 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Jesse_Male_Teen.pdf
[2010/05/20 18:32:46 | 000,506,843 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\High School Confidential.pdf
[2010/05/18 21:03:27 | 000,022,021 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\744px-Flag_of_Zaire_svg.png
[2010/05/18 19:52:39 | 041,408,878 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Go Your Own Way.mp4
[2010/05/18 19:45:45 | 025,692,766 | ---- | C] () -- C:\Documents and Settings\JeremyNew\Desktop\Lost in Translation.mp4
[2010/04/19 15:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2010/03/02 17:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 17:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 17:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 17:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 17:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 17:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 17:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 17:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 17:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 17:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 17:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 17:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 17:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 17:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 17:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 17:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 17:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/01 13:50:32 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2010/02/01 13:50:10 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2009/11/14 11:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 11:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 11:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 11:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 11:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 11:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 11:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 11:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 11:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 11:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/07/06 02:13:24 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009/07/06 02:13:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/05 08:22:29 | 000,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/02 19:33:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/11/02 19:29:54 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SCapPro.INI
[2008/11/02 19:29:05 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2008/11/02 19:28:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/11/02 19:28:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/10/05 01:51:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI
[2008/09/19 23:59:01 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/09/19 23:59:01 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008/09/19 23:59:00 | 000,000,447 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/09/19 23:58:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/09/19 23:58:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/18 02:45:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/17 11:34:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/17 11:34:22 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2004/08/19 14:03:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECioctl.sys
[2004/08/16 13:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2004/08/10 15:37:33 | 000,000,921 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/10 15:35:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/08/10 15:35:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/08/10 15:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/08/10 15:35:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/08/10 15:35:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/08/10 15:35:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/08/10 15:10:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/08/10 15:09:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CePMTray.INI
[2004/08/10 13:57:26 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/08/10 13:57:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/08/10 13:57:26 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/08/10 13:57:26 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/08/10 13:34:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/10 13:23:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/08/09 17:37:33 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\EMCRI.dll
[2004/08/09 17:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/09 17:12:23 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 17:04:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/09 16:32:25 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/04/21 22:58:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/14 18:06:22 | 010,023,933 | ---- | M] () -- C:\1.CAP
[2010/02/10 15:20:32 | 196,670,167 | ---- | M] () -- C:\10.CAP
[2010/02/10 15:26:16 | 098,176,462 | ---- | M] () -- C:\11.CAP
[2010/02/10 15:27:49 | 170,227,453 | ---- | M] () -- C:\12.CAP
[2010/05/14 01:31:49 | 010,023,933 | ---- | M] () -- C:\13.CAP
[2010/05/14 01:32:58 | 099,026,483 | ---- | M] () -- C:\14.CAP
[2010/05/14 01:34:37 | 074,839,324 | ---- | M] () -- C:\15.CAP
[2010/05/14 01:35:37 | 021,648,792 | ---- | M] () -- C:\16.CAP
[2010/05/14 01:36:54 | 100,833,828 | ---- | M] () -- C:\17.CAP
[2010/05/14 01:42:32 | 092,798,895 | ---- | M] () -- C:\18.CAP
[2010/05/12 19:56:39 | 139,348,838 | ---- | M] () -- C:\19.CAP
[2010/05/14 18:06:51 | 099,026,483 | ---- | M] () -- C:\2.CAP
[2010/05/12 19:11:38 | 099,239,089 | ---- | M] () -- C:\20.CAP
[2010/05/12 19:55:21 | 040,684,980 | ---- | M] () -- C:\21.CAP
[2010/05/12 19:21:21 | 261,799,901 | ---- | M] () -- C:\22.CAP
[2010/05/12 19:19:42 | 162,119,826 | ---- | M] () -- C:\23.CAP
[2010/05/12 19:17:38 | 063,087,002 | ---- | M] () -- C:\24.CAP
[2010/05/12 19:15:50 | 045,265,554 | ---- | M] () -- C:\25.CAP
[2010/05/12 19:14:10 | 242,848,345 | ---- | M] () -- C:\26.CAP
[2010/05/12 19:12:37 | 143,768,448 | ---- | M] () -- C:\27.CAP
[2010/02/08 16:48:08 | 097,755,755 | ---- | M] () -- C:\28.CAP
[2010/02/08 16:50:58 | 098,191,220 | ---- | M] () -- C:\29.CAP
[2010/05/14 18:07:35 | 173,865,783 | ---- | M] () -- C:\3.CAP
[2010/02/08 16:52:00 | 098,254,376 | ---- | M] () -- C:\30.CAP
[2010/02/08 16:54:16 | 098,214,040 | ---- | M] () -- C:\31.CAP
[2010/02/09 02:04:10 | 098,564,322 | ---- | M] () -- C:\32.CAP
[2010/02/09 02:05:32 | 183,741,523 | ---- | M] () -- C:\33.CAP
[2010/02/10 15:15:30 | 098,139,361 | ---- | M] () -- C:\34.CAP
[2010/02/10 15:16:49 | 116,770,602 | ---- | M] () -- C:\35.CAP
[2010/02/10 15:18:14 | 098,339,057 | ---- | M] () -- C:\36.CAP
[2010/05/12 19:57:43 | 238,532,363 | ---- | M] () -- C:\37.CAP
[2010/05/12 19:59:01 | 090,398,965 | ---- | M] () -- C:\38.CAP
[2010/05/14 18:07:59 | 021,648,792 | ---- | M] () -- C:\4.CAP
[2010/05/14 18:08:25 | 100,833,828 | ---- | M] () -- C:\5.CAP
[2010/05/14 18:08:41 | 100,833,828 | ---- | M] () -- C:\6.CAP
[2010/05/14 18:09:02 | 100,833,828 | ---- | M] () -- C:\7.CAP
[2010/05/14 18:09:12 | 021,641,631 | ---- | M] () -- C:\8.CAP
[2010/05/14 18:10:00 | 010,898,208 | ---- | M] () -- C:\9.CAP
[2010/02/09 02:38:34 | 001,754,724 | ---- | M] () -- C:\aircrack-ng.exe
[2004/08/09 17:08:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/06/12 02:49:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/13 17:28:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/13 18:28:42 | 000,016,232 | ---- | M] () -- C:\ComboFix.txt
[2004/08/09 17:08:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/25 10:38:00 | 001,100,288 | ---- | M] () -- C:\cygcrypto-0.9.8.dll
[2008/06/12 10:35:00 | 001,872,884 | ---- | M] (Red Hat) -- C:\cygwin1.dll
[2009/03/01 18:42:00 | 000,066,048 | ---- | M] () -- C:\cygz.dll
[2004/08/09 17:08:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/08/10 14:43:33 | 000,000,835 | -H-- | M] () -- C:\IPH.PH
[2010/06/10 06:44:50 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/09 17:08:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/11/12 14:00:00 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 06:17:14 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/04/23 17:54:02 | 059,473,816 | ---- | M] () -- C:\OurFunVacation.mpg
[2008/04/23 17:54:06 | 000,000,619 | ---- | M] () -- C:\OurFunVacation.mpg.scn
[2010/06/13 18:20:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/11 20:38:25 | 000,000,377 | ---- | M] () -- C:\rkill.log
[2010/06/12 03:27:34 | 000,038,192 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_03.27.19_log.txt
[2010/06/12 15:36:41 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.36.28_log.txt
[2010/06/12 15:44:40 | 000,037,278 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.44.26_log.txt
[2010/06/12 15:56:09 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_15.55.56_log.txt
[2010/06/12 16:17:49 | 000,037,256 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_12.06.2010_16.17.37_log.txt
[2007/10/01 22:02:00 | 000,053,248 | ---- | M] () -- C:\wzcook.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/09 09:58:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 09:58:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 09:58:00 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/06/12 03:28:41 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2001/12/13 00:01:00 | 000,027,836 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BRPP2KA.DLL
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\aircrack-ng.exe:SummaryInformation
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\system32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >


(6) Everything seems to be running fine, as far as I can tell. And that is absolutely and 100% totally thanks to you and your genius, SweetTech! :-) Obviously there are still a few trojans that ESET found.

#6 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 14 June 2010 - 08:42 AM

Hello,

The ESET Online Scanner did find a few things, the majority of them in System Restore. We will address those items later. Your logs also indicate that you have an infected e-mail in the Deleted Items folder of Outlook Express, so we are going to empty your Deleted Items folder to get rid of it.


Please right click on the Deleted Items folder and click Empty 'Deleted Items' Folder.

NEXT:

Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#7 NeoLux

  • Group: Member
  • Posts: 5
  • Joined: 13-June 10

Posted 14 June 2010 - 03:27 PM

Hi, SweetTech!

I deleted the Outlook items. Here's the Security Check log for you:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Microsoft Security Essentialy successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Java™ 6 Update 3
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_05
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Thank you so enormously, my friend,

NeoLux

#8 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 14 June 2010 - 03:35 PM

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


#9 NeoLux

  • Group: Member
  • Posts: 5
  • Joined: 13-June 10

Posted 15 June 2010 - 09:37 AM

You got it, my brother! Thank you so immensely for your help!


JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 15 08:29:57 2010

Found and removed: C:\Program Files\Java\j2re1.4.2_05

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\JeremyNew\Application Data\Sun\Java\jre1.6.0_03

Found and removed: C:\Documents and Settings\JeremyNew\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\JeremyNew\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\JeremyNew\Application Data\Sun\Java\jre1.6.0_15

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 15 08:33:39 2010

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142050}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205

Found and removed: SOFTWARE\Classes\JavaPlugin.142_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_05

Found and removed: Software\Classes\JavaPlugin.142_05

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACB9B14518A96D117A58000B0D410205

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 15 08:35:46 2010

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

#10 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 15 June 2010 - 10:03 AM

Hello,

If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

NEXT:

Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

NEXT:

OTL Clean-Up
Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

NEXT:

All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===
Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
      If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

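The HOSTS-file recommendation above works because the resolver consults the hosts file before DNS, so a name pinned to 127.0.0.1 or 0.0.0.0 never reaches the network. The following Python is an added example (not SweetTech's or MVPS's code) that parses a constructed hosts file, reports which names are sinkholed, and flags names pinned to a foreign address, which is the same mechanism hijackers abuse to send a victim elsewhere; all hostnames and addresses in the sample are made up.

```python
import ipaddress
from typing import Dict, List, Set

# Addresses a blocking hosts file points unwanted names at; 0.0.0.0 is also common.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback and must not be reported as "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not a real MVPS file); comments and tabs are intentional.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1\tlocalhost
::1\t\tlocalhost
0.0.0.0 ads.example.net tracker.example.net   # two names on one line
198.51.100.7 www.example-bank.test            # pinned to a foreign address
this is not a hosts entry
"""


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Map each hostname (lower-cased) to the addresses it is pinned to, in file order."""
    mapping: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding space
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank line or address without a name
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field is not an IP: malformed line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), []).append(address)
    return mapping


def blocked_names(mapping: Dict[str, List[str]]) -> Set[str]:
    """Names whose first entry (the one the resolver uses) is a sinkhole address."""
    return {n for n, a in mapping.items() if a[0] in SINKHOLE_ADDRESSES and n not in LOCAL_NAMES}


def foreign_pins(mapping: Dict[str, List[str]]) -> Dict[str, str]:
    """Names pinned to a routable address: a hijack indicator worth reviewing by hand."""
    return {n: a[0] for n, a in mapping.items() if a[0] not in SINKHOLE_ADDRESSES}


def is_blocked(mapping: Dict[str, List[str]], name: str) -> bool:
    """True if lookups of `name` (case-insensitive) would be sinkholed by this hosts file."""
    return name.lower() in blocked_names(mapping)
```
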
#11 SweetTech

  • Group: Moderator
  • Posts: 7,649
  • Joined: 28-April 09

Posted 18 June 2010 - 12:35 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
