Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I can't get rid of TR/vundo 4.8. Please help.


  • This topic is locked This topic is locked

#1
ShaneStorm

ShaneStorm

    Member

  • Member
  • PipPip
  • 24 posts
I recently started having problems with my computer. I am using Avira antivirus and it continually picks up the trojan TR/vundo 4.8. It quarantines the file and removes it, but the virus shows up again the next time I scan.

I've run VundoFix.exe, but it found nothing. I've run VirtumundoBeGone.exe, but it found nothing. I've run MalwareBytes and SUPERAntiSpyware, but neither find the virus.

Initially, we only had one user account on the computer. The virus prevents the installation of applications and the changing of windows settings. It also gives me an error message that the recycling bin is corrupted.

I created a new user account, and it has none of the same problems. However, I would like to remove the virus.

Here is the OTL log:

OTL logfile created on: 11/16/2010 6:58:32 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Shane\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 17.56 Gb Free Space | 28.22% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.95 Gb Free Space | 60.93% Space Free | Partition Type: NTFS

Computer Name: FELICIA-PC | User Name: Shane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 18:58:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Downloads\OTL.exe
PRC - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 16:09:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 16:09:08 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/29 09:21:53 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/29 09:21:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 07:32:00 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Quicktime\iTunesHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 14:17:16 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/01/24 23:42:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/01/24 23:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/01/24 23:42:14 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/01/24 23:42:14 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/01/19 01:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/12 05:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 10:35:42 | 000,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/11/16 18:58:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shane\Downloads\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2010/11/04 19:26:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/02 16:09:08 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2010/11/02 16:09:09 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/02 16:09:09 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/29 14:10:12 | 000,020,560 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys -- (nnfwdk)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/15 06:09:18 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/15 06:09:18 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/15 06:09:18 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/24 23:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 21:53:56 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/12 00:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/28 23:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 20:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 20:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4080315

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4080315
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.live.c...cxt=mai&snsc=1"
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter7\FFAddon\ [2010/09/10 15:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 19:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 17:47:51 | 000,000,000 | ---D | M]

[2010/11/04 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Mozilla\Extensions
[2010/11/15 21:34:14 | 000,000,000 | ---D | M] -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\5hfsk373.default\extensions
[2010/11/04 21:47:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\5hfsk373.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/06 19:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/08/27 21:59:41 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/02/03 23:55:00 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Quicktime\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell - "" = AutoRun
O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 18:09:49 | 000,000,000 | ---D | C] -- C:\avrescue
[2010/11/11 11:15:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/11/08 21:01:17 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Apple
[2010/11/07 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Adobe
[2010/11/07 14:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/06 20:35:53 | 000,000,000 | ---D | C] -- C:\Users\Shane\Office Genuine Advantage
[2010/11/06 15:28:21 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/06 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/11/06 15:20:24 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Windows Live
[2010/11/06 02:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/11/05 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/05 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Malwarebytes
[2010/11/05 09:12:25 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\SupportSoft
[2010/11/04 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Macromedia
[2010/11/04 21:08:24 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Mozilla
[2010/11/04 21:08:24 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Mozilla
[2010/11/04 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/11/04 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/11/04 19:48:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/11/04 19:29:59 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Adobe
[2010/11/04 19:28:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/11/04 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Avira
[2010/11/04 19:25:43 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Apple Computer
[2010/11/04 19:25:31 | 000,000,000 | ---D | C] -- C:\Users\Shane\Documents\My Google Gadgets
[2010/11/04 19:25:21 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Google
[2010/11/04 19:25:11 | 000,000,000 | R--D | C] -- C:\Users\Shane\Searches
[2010/11/04 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Roaming\Identities
[2010/11/04 19:24:52 | 000,000,000 | R--D | C] -- C:\Users\Shane\Contacts
[2010/11/04 19:24:51 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\VirtualStore
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\AppData\Local\Temporary Internet Files
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Templates
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Start Menu
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\SendTo
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Recent
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\PrintHood
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\NetHood
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Documents\My Videos
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Documents\My Pictures
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Documents\My Music
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\My Documents
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Local Settings
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\AppData\Local\History
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Cookies
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\Application Data
[2010/11/04 19:24:42 | 000,000,000 | -HSD | C] -- C:\Users\Shane\AppData\Local\Application Data
[2010/11/04 19:24:38 | 000,000,000 | --SD | C] -- C:\Users\Shane\AppData\Roaming\Microsoft
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Videos
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Saved Games
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Pictures
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Music
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Links
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Favorites
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Downloads
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Documents
[2010/11/04 19:24:38 | 000,000,000 | R--D | C] -- C:\Users\Shane\Desktop
[2010/11/04 19:24:38 | 000,000,000 | -H-D | C] -- C:\Users\Shane\AppData
[2010/11/04 19:24:38 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Temp
[2010/11/04 19:24:38 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Microsoft Help
[2010/11/04 19:24:38 | 000,000,000 | ---D | C] -- C:\Users\Shane\AppData\Local\Microsoft
[2010/11/02 08:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/01 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/01 08:21:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/01 08:21:31 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/01 08:21:31 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 08:21:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/01 08:21:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/11/01 08:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/01 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/26 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/26 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/26 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/24 21:15:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/24 21:15:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/24 21:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/24 21:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 10:03:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2010/11/16 18:59:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
[2010/11/16 18:20:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/16 17:34:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/11/16 17:33:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/16 17:33:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/13 11:10:13 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/13 11:10:13 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/13 10:52:24 | 000,001,726 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\dark ad.lnk
[2010/11/11 12:07:37 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\SILWCK.job
[2010/11/11 12:07:03 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 19:36:28 | 000,006,656 | ---- | M] () -- C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 17:41:54 | 000,333,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/06 02:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/11/06 02:21:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/11/04 19:47:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/11/04 19:28:42 | 000,000,945 | ---- | M] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/02 16:09:09 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 16:09:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 08:21:46 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/28 21:27:30 | 000,009,111 | ---- | M] () -- C:\Users\Shane\Desktop\Weight.xlsx
[2010/10/26 21:25:43 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/24 21:15:57 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/21 10:01:39 | 000,054,784 | RHS- | M] () -- C:\Windows\System32\vfwwdm32R.dll
[2010/10/18 21:22:24 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2010/11/13 10:52:24 | 000,001,726 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\dark ad.lnk
[2010/11/06 19:36:18 | 000,006,656 | ---- | C] () -- C:\Users\Shane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 19:28:00 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 02:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/11/06 02:21:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/11/05 16:06:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/11/04 19:47:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/11/04 19:28:41 | 000,000,945 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/04 19:24:40 | 000,000,258 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/04 19:24:40 | 000,000,240 | ---- | C] () -- C:\Users\Shane\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/01 08:21:46 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/26 21:25:43 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/24 21:15:57 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/21 10:01:39 | 000,054,784 | RHS- | C] () -- C:\Windows\System32\vfwwdm32R.dll
[2010/10/21 10:01:39 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\SILWCK.job
[2010/10/18 21:22:24 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/01/30 16:57:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 13:34:03 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/11/08 17:33:00 | 000,002,196 | ---- | C] () -- C:\ProgramData\QuickSet.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/17 21:06:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/17 21:06:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/03/15 06:09:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/15 06:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/15 06:09:57 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/15 06:09:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/15 06:09:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/14 22:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/07 22:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2010/11/11 12:06:18 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/11 12:07:37 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\SILWCK.job
[2010/11/16 17:34:30 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/11/16 18:59:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job

========== Purity Check ==========



< End of report >


Let me know if there is anything I can do next.

Shane
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message to me on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll File not found
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
    O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell - "" = AutoRun
    O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    [2010/11/11 12:07:37 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\SILWCK.job
    [2010/10/21 10:01:39 | 000,054,784 | RHS- | M] () -- C:\Windows\System32\vfwwdm32R.dll
    [2010/10/21 10:01:39 | 000,054,784 | RHS- | C] () -- C:\Windows\System32\vfwwdm32R.dll
    [2010/10/21 10:01:39 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\SILWCK.job
    [2010/11/11 12:07:37 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\SILWCK.job
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  • Right click on the .rar and Extract the files.
  • Double-click on RKUnhookerLE.exe to execute it.
    Vista - W7 users: Right click RKUnhookerLE.exe, choose "Run As Administrator" to execute it. If UAC prompts, please allow it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest. then Click OK. (See image below...)
    Posted Image
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  • When the scanner is finished... click File, Save Report.
  • Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  • Copy the entire contents of the Report.txt file in you're next reply.

Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




NEXT:



Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#3
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
SweetTech,

Thanks so much for the help. Feel free to let me know if I need to do something extra or if I mess something up.

Here's the OTL Log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCMService deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
File F:\LaunchU3.exe not found.
File move failed. C:\Windows\Tasks\SILWCK.job scheduled to be moved on reboot.
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\SILWCK.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\SILWCK.job scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shane\Desktop\cmd.bat deleted successfully.
C:\Users\Shane\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Felicia
->Temp folder emptied: 769362018 bytes
->Temporary Internet Files folder emptied: 253666795 bytes
->Java cache emptied: 10788725 bytes
->FireFox cache emptied: 74845781 bytes
->Flash cache emptied: 7202062 bytes

User: Public

User: Shane
->Temp folder emptied: 77577832 bytes
->Temporary Internet Files folder emptied: 3395791 bytes
->Java cache emptied: 16986 bytes
->FireFox cache emptied: 112737680 bytes
->Flash cache emptied: 12010 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35463305 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,283.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Felicia
->Flash cache emptied: 0 bytes

User: Public

User: Shane
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11172010_192010

Files\Folders moved on Reboot...
File move failed. C:\Windows\Tasks\SILWCK.job scheduled to be moved on reboot.
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here's the Rootkit Unhooker Report:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8BC08000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81C3C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C3C000 PnpManager 3903488 bytes
0x81C3C000 RAW 3903488 bytes
0x81C3C000 WMIxWDM 3903488 bytes
0x94A70000 Win32k 2109440 bytes
0x94A70000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87E06000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8280E000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C88C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8C409000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x82A0B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA8EE5000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82B10000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x8220E000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8CA00000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA6E05000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C20A000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C30F000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x82346000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80607000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8040F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA6F0C000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8CB4A000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8C566000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xA8E7B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8072F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8CC0E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80686000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8C39C000 C:\Windows\system32\DRIVERS\yk60x86.sys 286720 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x80498000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x829AE000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C2C2000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8C84F000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8CCBB000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82944000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA8E02000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87F16000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8C809000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81C09000 ACPI_HAL 208896 bytes
0x81C09000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x822FB000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C9B3000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8297F000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8CAED000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C5CA000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x82919000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x805B9000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6EC5000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA8FC3000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA8E53000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87F66000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806DD000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8CB1A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CD20000 C:\Windows\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x823CE000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8CC93000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x87F9E000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8CACC000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xA6FC4000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8CBC2000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8CDAC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x822DD000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA6F79000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82AF5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8CD69000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8C529000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA6F96000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82BD7000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA8E3B000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8CD09000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x823B7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA6FE5000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8CC56000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C99D000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8CD84000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA6FAF000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807B9000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807A5000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C552000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8C9E5000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C5B7000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA6EF9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CC7A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x87F8D000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C83E000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8232D000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xA6EB5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80795000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C50B000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x807CE000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x87FE9000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8CD5A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87F57000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80704000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x829EF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C543000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8C300000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80720000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C51B000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94CB0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8CC6C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C98F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80780000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x80678000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8CD43000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CAB4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x82800000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xA8EC9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8CBB6000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C2AB000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C3ED000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C3E2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CBF3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x82BEF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C1EE000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x87FD5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C2B7000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80716000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8CD50000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8C200000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6EEF000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8CCF7000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA8FEB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x87FBF000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CB9F000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA8FF5000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8233D000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8CAC1000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94C90000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87FE0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C400000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806CC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x822D5000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80490000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x806D5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8CD01000 C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys 32768 bytes (The Nielsen Company, Nielsen Network Filter Driver)
0x8CBE3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CBEB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87F4F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA8ED5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8CBAF000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x80779000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80408000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8CBA8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8078E000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C5F6000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8CCB5000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8CC8D000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x8C5FC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA8EE1000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80713000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C3F8000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
==============================================
>Stealth
==============================================
0x05D10000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x86F6EC18 ] PID: 1644, 3821568 bytes
0x03F60000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86F6EC18 ] PID: 1644, 507904 bytes
0x046D0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8723D420 ] PID: 3876, 507904 bytes
0x01E00000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x86F6EC18 ] PID: 1644, 77824 bytes
0x04750000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8723D420 ] PID: 3876, 77824 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81CE47AA-->81CE47B1 [ntkrnlpa.exe]
ntkrnlpa.exe-->IoReportHalResourceUsage, Type: Inline - RelativeJump 0x81F7DA2B-->81F7D9F8 [ntkrnlpa.exe]
[2188]firefox.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [nphooks.dll]
[2188]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [nphooks.dll]
[2188]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [nphooks.dll]
[2188]firefox.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [nphooks.dll]
[2188]firefox.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [nphooks.dll]
[2188]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [nphooks.dll]
[2188]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [nphooks.dll]
[2188]firefox.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [nphooks.dll]
[2188]firefox.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [nphooks.dll]
[2188]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6D641248-->00000000 [nphooks.dll]
[2188]firefox.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6D6411F8-->00000000 [nphooks.dll]
[2188]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77119390-->00000000 [firefox.exe]
[2188]firefox.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [nphooks.dll]
[2188]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [nphooks.dll]
[2188]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [nphooks.dll]
[2188]firefox.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [nphooks.dll]
[2188]firefox.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [nphooks.dll]
[2188]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [nphooks.dll]
[2188]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [nphooks.dll]
[2188]firefox.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [nphooks.dll]
[2188]firefox.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [nphooks.dll]
[2188]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [nphooks.dll]
[2188]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [nphooks.dll]
[2188]firefox.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [nphooks.dll]
[2188]firefox.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [nphooks.dll]
[2188]firefox.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [nphooks.dll]
[2188]firefox.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [nphooks.dll]
[2188]firefox.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [nphooks.dll]
[2496]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [nphooks.dll]
[2496]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [nphooks.dll]
[2496]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [nphooks.dll]
[2496]explorer.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [nphooks.dll]
[2496]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [nphooks.dll]
[2496]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [nphooks.dll]
[2496]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [nphooks.dll]
[2496]explorer.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [nphooks.dll]
[2496]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [nphooks.dll]
[2496]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [nphooks.dll]
[2496]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [nphooks.dll]
[2496]explorer.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [nphooks.dll]
[2496]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [nphooks.dll]
[2496]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [nphooks.dll]
[2496]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [nphooks.dll]
[2496]explorer.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [nphooks.dll]
[2496]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [nphooks.dll]
[2496]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x704114B4-->00000000 [nphooks.dll]
[2496]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x70411450-->00000000 [nphooks.dll]
[2496]explorer.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x70411350-->00000000 [nphooks.dll]
[2496]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [nphooks.dll]
[2496]explorer.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [nphooks.dll]
[2496]explorer.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [nphooks.dll]
[2496]explorer.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x758114F3-->00000000 [xul.dll]
[6132]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [nphooks.dll]
[6132]plugin-container.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [nphooks.dll]

Here's the MBRCheck.exe Report:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 150):
0x81C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x81C09000 \SystemRoot\system32\hal.dll
0x80408000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047F000 \SystemRoot\system32\PSHED.dll
0x80490000 \SystemRoot\system32\BOOTVID.dll
0x80498000 \SystemRoot\system32\CLFS.SYS
0x804D9000 \SystemRoot\system32\CI.dll
0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80678000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80686000 \SystemRoot\system32\drivers\acpi.sys
0x806CC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806DD000 \SystemRoot\system32\drivers\pci.sys
0x80704000 \SystemRoot\System32\drivers\partmgr.sys
0x80713000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80716000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80720000 \SystemRoot\system32\drivers\volmgr.sys
0x8072F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80779000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80780000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8078E000 \SystemRoot\system32\drivers\pciide.sys
0x80795000 \SystemRoot\System32\drivers\mountmgr.sys
0x8220E000 \SystemRoot\system32\drivers\iastor.sys
0x822D5000 \SystemRoot\system32\drivers\atapi.sys
0x822DD000 \SystemRoot\system32\drivers\ataport.SYS
0x822FB000 \SystemRoot\system32\drivers\fltmgr.sys
0x8232D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8233D000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82346000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8280E000 \SystemRoot\system32\drivers\ndis.sys
0x82919000 \SystemRoot\system32\drivers\msrpc.sys
0x82944000 \SystemRoot\system32\drivers\NETIO.SYS
0x82A0B000 \SystemRoot\System32\drivers\tcpip.sys
0x82AF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87E06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87F16000 \SystemRoot\system32\drivers\volsnap.sys
0x87F4F000 \SystemRoot\System32\Drivers\spldr.sys
0x87F57000 \SystemRoot\System32\Drivers\mup.sys
0x87F66000 \SystemRoot\System32\drivers\ecache.sys
0x87F8D000 \SystemRoot\system32\drivers\disk.sys
0x87F9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87FBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x87FD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87FE0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87FE9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8BC08000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8C20A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C2AB000 \SystemRoot\System32\drivers\watchdog.sys
0x8C2B7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C2C2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C300000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C30F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C39C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8C409000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C50B000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8C51B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8C529000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8C543000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8C552000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8C566000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8C5B7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C5CA000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x8C3E2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C3ED000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82BD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C5F6000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8C5FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C400000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8297F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x829AE000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C1EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x823B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82BEF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x823CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x829EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807B9000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807CE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C3F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805B9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C200000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x82800000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C809000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C83E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C84F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8C88C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8CAB4000 \SystemRoot\system32\drivers\modem.sys
0x8CACC000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8CAED000 \SystemRoot\system32\drivers\portcls.sys
0x8CB1A000 \SystemRoot\system32\drivers\drmk.sys
0x8CB4A000 \SystemRoot\system32\drivers\stwrt.sys
0x8CB9F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8CBA8000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBAF000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CBB6000 \SystemRoot\System32\drivers\vga.sys
0x8CBC2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CBE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CBEB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CBF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C98F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CAC1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C99D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C9B3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C9E5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CC0E000 \SystemRoot\system32\drivers\afd.sys
0x8CC56000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CC6C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CC7A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CC8D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CC93000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8CCB5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8CCBB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CCF7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CD01000 \??\C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys
0x8CD09000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CD20000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CD43000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82B10000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x94A70000 \SystemRoot\System32\win32k.sys
0x8CD50000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CD5A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94C90000 \SystemRoot\System32\TSDDD.dll
0x94CB0000 \SystemRoot\System32\cdd.dll
0x8CD69000 \SystemRoot\system32\drivers\luafv.sys
0x8CD84000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA6E05000 \SystemRoot\system32\drivers\spsys.sys
0xA6EB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA6EC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA6EEF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6EF9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA6F0C000 \SystemRoot\system32\drivers\HTTP.sys
0xA6F79000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA6F96000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA6FAF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA6FC4000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CDAC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8E02000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8E3B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA8E53000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA8E7B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA8EE1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA8EE5000 \SystemRoot\system32\drivers\peauth.sys
0xA8FC3000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA8FEB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA8EC9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA8ED5000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA6FE5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x770F0000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
488 csrss.exe
532 C:\Windows\System32\wininit.exe
544 csrss.exe
580 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\WLTRYSVC.EXE
1644 C:\Windows\System32\BCMWLTRY.EXE
1700 C:\Windows\System32\wlanext.exe
1760 C:\Windows\System32\spoolsv.exe
1768 C:\Windows\System32\taskeng.exe
1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1848 C:\Windows\System32\svchost.exe
460 C:\Windows\System32\AEstSrv.exe
496 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
700 C:\Program Files\Bonjour\mDNSResponder.exe
1052 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1476 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1716 C:\Windows\System32\svchost.exe
432 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
1500 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2384 C:\Windows\System32\taskeng.exe
2452 C:\Windows\System32\dwm.exe
2496 C:\Windows\explorer.exe
2624 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2712 C:\Windows\System32\stacsv.exe
2760 C:\Windows\System32\svchost.exe
2792 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2820 C:\Windows\System32\svchost.exe
2848 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2888 C:\Windows\System32\SearchIndexer.exe
2928 C:\Windows\System32\drivers\XAudio.exe
3016 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3692 C:\Windows\notepad.exe
3804 C:\Program Files\Windows Defender\MSASCui.exe
3820 C:\Program Files\DellTPad\Apoint.exe
3836 C:\Windows\System32\hkcmd.exe
3848 C:\Windows\System32\igfxpers.exe
3860 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3876 C:\Windows\System32\WLTRAY.EXE
3888 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3944 C:\Windows\System32\igfxsrvc.exe
4020 C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
4088 C:\Quicktime\iTunesHelper.exe
664 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
756 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2208 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
2188 C:\Program Files\Mozilla Firefox\firefox.exe
2376 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2704 C:\Program Files\Windows Sidebar\sidebar.exe
3248 C:\Program Files\Digital Line Detect\DLG.exe
2956 C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
3632 C:\Program Files\DellTPad\ApMsgFwd.exe
3012 C:\Program Files\DellTPad\hidfind.exe
1920 C:\Program Files\DellTPad\ApntEx.exe
3660 C:\Program Files\iPod\bin\iPodService.exe
4344 C:\Windows\System32\wsqmcons.exe
5016 C:\Windows\System32\SearchProtocolHost.exe
4992 C:\Windows\System32\SearchFilterHost.exe
4468 dllhost.exe
5676 dllhost.exe
5620 C:\Users\Shane\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC7KP

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Please let me know how things are running, after doing the following scan:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

#5
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Again, I really appreciate all the help.

Everything is running fine on this user account. The other user account still gives me a message "Windows cannot access the specified device,path or file. You may not have appropriate permissions to access the item." when I try to access certain things like the screen saver settings. If I can get rid of the trojan, I'll just delete that user account and use this one.

I haven't tried scanning with Avira again yet. I was waiting to complete all your instructions first.

Here's the ComboFix log:

ComboFix 10-11-18.03 - Shane 11/18/2010 21:57:34.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.868 [GMT -6:00]
Running from: c:\users\Shane\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spool\prtprocs\w32x86\dlbkpp5c.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 04:04 . 2010-11-19 04:04 -------- d-----w- c:\users\Felicia\AppData\Local\temp
2010-11-19 04:04 . 2010-11-19 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-11-18 01:20 . 2010-11-18 01:20 -------- d-----w- C:\_OTL
2010-11-16 23:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{217B8767-5A97-4364-A862-CDB35B9026A2}\mpengine.dll
2010-11-11 17:15 . 2010-11-11 17:15 -------- d-----w- C:\VundoFix Backups
2010-11-10 00:37 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 20:58 . 2010-11-07 20:58 -------- d-----w- c:\programdata\McAfee
2010-11-07 01:47 . 2010-11-07 01:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-07 01:47 . 2010-11-07 01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 21:28 . 2010-11-06 21:28 -------- d-----w- c:\windows\en
2010-11-06 21:21 . 2010-11-06 21:22 -------- d-----w- c:\program files\Bing Bar Installer
2010-11-06 21:21 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-06 21:21 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-06 21:21 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-06 21:21 . 2010-11-06 21:21 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\8dc5e8301cb7df80a\InstallManager_WLE_WLE.exe
2010-11-06 21:21 . 2010-11-06 21:21 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\DSETUP.dll
2010-11-06 21:21 . 2010-11-06 21:21 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\DXSETUP.exe
2010-11-06 21:21 . 2010-11-06 21:21 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\dsetup32.dll
2010-11-06 21:21 . 2010-11-06 21:21 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\DSETUP.dll
2010-11-06 21:21 . 2010-11-06 21:21 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\DXSETUP.exe
2010-11-06 21:21 . 2010-11-06 21:21 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\dsetup32.dll
2010-11-06 21:19 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-11-06 08:21 . 2010-11-06 08:21 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-06 08:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-06 08:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-06 08:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-06 08:03 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-06 08:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-06 08:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-06 08:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-05 01:48 . 2010-11-05 01:50 -------- d-----w- c:\windows\system32\ca-ES
2010-11-05 01:48 . 2010-11-05 01:49 -------- d-----w- c:\windows\system32\eu-ES
2010-11-05 01:48 . 2010-11-05 01:49 -------- d-----w- c:\windows\system32\vi-VN
2010-11-05 01:28 . 2010-11-05 01:28 -------- d-----w- c:\windows\system32\EventProviders
2010-11-05 01:27 . 2010-11-05 01:26 119808 ----a-w- c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
2010-11-05 01:24 . 2010-11-07 02:35 -------- d-----w- c:\users\Shane
2010-11-01 22:41 . 2010-11-01 22:41 -------- d-----w- c:\programdata\WindowsSearch
2010-11-01 14:30 . 2010-11-01 14:30 -------- d-----w- c:\users\Felicia\AppData\Roaming\Avira
2010-11-01 14:21 . 2010-11-02 22:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-01 14:21 . 2010-11-02 22:09 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-01 14:21 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-01 14:21 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-01 14:21 . 2010-11-01 14:21 -------- d-----w- c:\programdata\Avira
2010-11-01 14:21 . 2010-11-01 14:21 -------- d-----w- c:\program files\Avira
2010-10-29 03:25 . 2010-10-29 03:25 -------- d-----w- c:\users\Felicia\Office Genuine Advantage
2010-10-27 03:25 . 2010-10-27 03:25 -------- d-----w- c:\users\Felicia\AppData\Roaming\SUPERAntiSpyware.com
2010-10-27 03:25 . 2010-10-27 03:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-27 03:25 . 2010-10-27 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-27 03:15 . 2010-10-27 03:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-27 00:35 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 00:35 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 00:35 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 03:16 . 2010-10-25 03:16 -------- d-----w- c:\users\Felicia\AppData\Roaming\Malwarebytes
2010-10-25 03:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 03:15 . 2010-10-25 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-25 03:15 . 2010-10-25 03:15 -------- d-----w- c:\programdata\Malwarebytes
2010-10-25 03:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-21 16:03 . 2010-10-21 16:03 -------- d-----w- c:\windows\Sun
2010-10-21 16:01 . 2010-10-21 16:01 54784 --sha-r- c:\windows\system32\vfwwdm32R.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-12-02 22:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32 . 2010-09-23 05:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-15 08:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-15 08:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-15 08:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-15 08:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-15 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-15 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-15 08:02 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-15 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-15 08:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-15 08:03 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-15 08:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-15 08:03 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-15 08:03 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-15 08:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-15 08:02 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-15 08:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-15 08:02 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-15 08:02 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-28 03:53 . 2000-03-29 21:18 94208 ----a-w- c:\windows\system32\Mpeg2Parser.ax
2010-08-28 03:53 . 2000-03-29 21:18 139264 ----a-w- c:\windows\system32\Mpeg2Decoder.ax
2010-08-26 16:37 . 2010-10-15 08:02 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 00:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 00:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 00:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 00:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-05 01:26 . 2010-11-05 01:27 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-05 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-02-25 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\quicktime\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-14 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-05 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys [2009-12-29 20560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

2010-11-19 c:\windows\Tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\5hfsk373.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1288991078&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\NetRatingsNetSight\NetSight\meter7\FFAddon\components\nsgkff36_meter7.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\quicktime\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 22:04
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-18 22:07:26
ComboFix-quarantined-files.txt 2010-11-19 04:07

Pre-Run: 20,046,503,936 bytes free
Post-Run: 19,977,412,608 bytes free

- - End Of File - - 4810817D150441303AA2E144E92A32AB
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

What types of issues are you currently experiencing with the other user account? The one in which you first experienced the issues with.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Driver::
dlbk_device

File::
c:\windows\system32\dlbkcoms.exe


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
As for the problems on the other user account:

1)it was telling me that the recycling bin was corrupted, but that message no longer pops up. However, there is no recycling bin on the desktop anymore.

2) when I try to change any kind of desktop or screen saver settings it gives me an error message: "Windows cannot access the specified device,path or file. You may not have appropriate permissions to access the item." The top of the error message shows "C:WINDOWS\system32\rundll32.exe"

Those are the only problems that I know of.

Here's the logs:


ComboFix 10-11-20.03 - Shane 11/20/2010 16:57:34.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.751 [GMT -6:00]
Running from: c:\users\Shane\Desktop\ComboFix.exe
Command switches used :: c:\users\Shane\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\dlbkcoms.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dlbk_device


((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.

2010-11-20 23:03 . 2010-11-20 23:03 -------- d-----w- c:\users\Felicia\AppData\Local\temp
2010-11-20 23:03 . 2010-11-20 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-19 22:13 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FE49AD3-315E-4C85-A6EE-612E8B6296DC}\mpengine.dll
2010-11-18 01:29 . 2010-11-18 01:29 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-11-18 01:20 . 2010-11-18 01:20 -------- d-----w- C:\_OTL
2010-11-11 17:15 . 2010-11-11 17:15 -------- d-----w- C:\VundoFix Backups
2010-11-10 00:37 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-07 20:58 . 2010-11-07 20:58 -------- d-----w- c:\programdata\McAfee
2010-11-07 01:47 . 2010-11-07 01:47 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-07 01:47 . 2010-11-07 01:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 21:28 . 2010-11-06 21:28 -------- d-----w- c:\windows\en
2010-11-06 21:21 . 2010-11-06 21:22 -------- d-----w- c:\program files\Bing Bar Installer
2010-11-06 21:21 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-06 21:21 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-06 21:21 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-06 21:21 . 2010-11-06 21:21 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\8dc5e8301cb7df80a\InstallManager_WLE_WLE.exe
2010-11-06 21:21 . 2010-11-06 21:21 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\DSETUP.dll
2010-11-06 21:21 . 2010-11-06 21:21 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\DXSETUP.exe
2010-11-06 21:21 . 2010-11-06 21:21 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\859d96d01cb7df809\dsetup32.dll
2010-11-06 21:21 . 2010-11-06 21:21 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\DSETUP.dll
2010-11-06 21:21 . 2010-11-06 21:21 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\DXSETUP.exe
2010-11-06 21:21 . 2010-11-06 21:21 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\83ca84801cb7df808\dsetup32.dll
2010-11-06 21:19 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-11-06 08:21 . 2010-11-06 08:21 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-06 08:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-06 08:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-06 08:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-06 08:03 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-06 08:02 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-06 08:02 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-06 08:02 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-05 01:48 . 2010-11-05 01:50 -------- d-----w- c:\windows\system32\ca-ES
2010-11-05 01:48 . 2010-11-05 01:49 -------- d-----w- c:\windows\system32\eu-ES
2010-11-05 01:48 . 2010-11-05 01:49 -------- d-----w- c:\windows\system32\vi-VN
2010-11-05 01:28 . 2010-11-05 01:28 -------- d-----w- c:\windows\system32\EventProviders
2010-11-05 01:27 . 2010-11-05 01:26 119808 ----a-w- c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
2010-11-05 01:24 . 2010-11-07 02:35 -------- d-----w- c:\users\Shane
2010-11-01 22:41 . 2010-11-01 22:41 -------- d-----w- c:\programdata\WindowsSearch
2010-11-01 14:30 . 2010-11-01 14:30 -------- d-----w- c:\users\Felicia\AppData\Roaming\Avira
2010-11-01 14:21 . 2010-11-02 22:09 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-01 14:21 . 2010-11-02 22:09 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-01 14:21 . 2009-05-11 17:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-01 14:21 . 2009-05-11 17:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-01 14:21 . 2010-11-01 14:21 -------- d-----w- c:\programdata\Avira
2010-11-01 14:21 . 2010-11-01 14:21 -------- d-----w- c:\program files\Avira
2010-10-29 03:25 . 2010-10-29 03:25 -------- d-----w- c:\users\Felicia\Office Genuine Advantage
2010-10-27 03:25 . 2010-10-27 03:25 -------- d-----w- c:\users\Felicia\AppData\Roaming\SUPERAntiSpyware.com
2010-10-27 03:25 . 2010-10-27 03:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-27 03:25 . 2010-10-27 03:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-27 03:15 . 2010-10-27 03:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-27 00:35 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 00:35 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 00:35 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 03:16 . 2010-10-25 03:16 -------- d-----w- c:\users\Felicia\AppData\Roaming\Malwarebytes
2010-10-25 03:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-25 03:15 . 2010-10-25 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-25 03:15 . 2010-10-25 03:15 -------- d-----w- c:\programdata\Malwarebytes
2010-10-25 03:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-12-02 22:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32 . 2010-09-23 05:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-15 08:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-15 08:02 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-15 08:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-15 08:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-15 08:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:56 . 2010-10-15 08:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:04 . 2010-10-15 08:02 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-15 08:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-15 08:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-15 08:03 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-15 08:03 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-15 08:03 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-15 08:03 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-15 08:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-15 08:02 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-15 08:02 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-15 08:02 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-15 08:02 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-28 03:53 . 2000-03-29 21:18 94208 ----a-w- c:\windows\system32\Mpeg2Parser.ax
2010-08-28 03:53 . 2000-03-29 21:18 139264 ----a-w- c:\windows\system32\Mpeg2Decoder.ax
2010-08-26 16:37 . 2010-10-15 08:02 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-27 00:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 00:35 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 00:35 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 00:35 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-05 01:26 . 2010-11-05 01:27 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-11-05 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-02-25 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\quicktime\iTunesHelper.exe" [2010-09-01 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-14 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-05 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys [2009-12-29 20560]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-20 c:\windows\Tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]

2010-11-20 c:\windows\Tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\5hfsk373.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1288991078&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\NetRatingsNetSight\NetSight\meter7\FFAddon\components\nsgkff36_meter7.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\quicktime\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-20 17:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-20 17:14:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-20 23:14
ComboFix2.txt 2010-11-19 04:07

Pre-Run: 19,976,822,784 bytes free
Post-Run: 19,740,467,200 bytes free

- - End Of File - - 196117661CFA4C01E188E5BFE451AB79


Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5158

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/20/2010 5:24:18 PM
mbam-log-2010-11-20 (17-24-18).txt

Scan type: Quick scan
Objects scanned: 155112
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Run an OTL scan from that user account.


OTL Custom Scan

  • Download OTL and save it to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#9
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here they are:

OTL logfile created on: 11/22/2010 10:18:03 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Felicia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 18.34 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.95 Gb Free Space | 60.93% Space Free | Partition Type: NTFS

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
PRC - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 16:09:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/02 16:09:08 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/29 09:21:53 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/29 09:21:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 07:32:00 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Quicktime\iTunesHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/25 14:17:16 | 000,045,056 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2008/01/24 23:42:14 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 17:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/03 10:39:58 | 000,512,000 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2006/10/03 10:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/10/03 10:35:42 | 000,221,184 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/09/24 20:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 00:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 00:28:22 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/04/11 00:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 00:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/19 01:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008/01/19 01:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/19 01:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/04 19:26:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/11/02 16:09:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/02 16:09:08 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2010/11/02 16:09:09 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/02 16:09:09 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/29 14:10:12 | 000,020,560 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys -- (nnfwdk)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/15 06:09:18 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/15 06:09:18 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/15 06:09:18 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/24 23:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 21:53:56 | 001,674,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/12 00:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/12 01:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 00:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/09/28 23:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 10:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 20:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 20:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 20:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=4080315
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://login.live.co...4855&mkt=en-us"
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter7\FFAddon\ [2010/09/10 15:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/04 19:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/07 17:47:51 | 000,000,000 | ---D | M]

[2008/11/18 10:07:28 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Extensions
[2010/11/16 18:36:02 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions
[2009/09/01 17:18:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/27 21:59:44 | 000,000,000 | ---D | M] (Babylon-English Toolbar) -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2009/06/11 18:16:32 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
[2009/09/22 20:17:12 | 000,000,000 | ---D | M] -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\extensions\[email protected]
[2009/07/15 14:30:13 | 000,001,498 | ---- | M] () -- C:\Users\Felicia\AppData\Roaming\Mozilla\Firefox\Profiles\g0cmngoq.default\searchplugins\givoogle.xml
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 19:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/06 19:47:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/08/27 21:59:41 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/02/03 23:55:00 | 000,003,803 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2010/11/20 17:07:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Quicktime\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Felicia\Desktop\Wedding\5E1U0116.JPG
O24 - Desktop BackupWallPaper: C:\Users\Felicia\Desktop\Wedding\5E1U0116.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell - "" = AutoRun
O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d8ef5716-feba-11dc-a447-001d0948d80f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)


SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 10:16:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
[2010/11/20 17:14:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/20 17:14:39 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Local\temp
[2010/11/20 17:13:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/20 16:55:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/20 16:54:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/18 21:55:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/18 21:55:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/18 21:55:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/18 21:55:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/18 21:54:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/17 19:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/11/17 19:20:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/11 11:15:10 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/11/07 14:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/06 19:47:32 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/06 19:47:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/06 19:47:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/06 19:47:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/06 19:40:00 | 000,000,000 | R--D | C] -- C:\Users\Felicia\Favorites
[2010/11/06 15:28:21 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/11/06 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/11/06 15:21:27 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/11/06 15:21:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/11/06 15:21:27 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/11/06 15:19:46 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2010/11/06 02:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/11/06 02:05:02 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/11/06 02:05:01 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/11/06 02:05:01 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/11/06 02:04:29 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/11/06 02:04:28 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/11/06 02:04:28 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/11/06 02:04:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/11/06 02:04:27 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/11/06 02:04:27 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/11/06 02:04:27 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/11/06 02:04:27 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/11/06 02:04:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/11/06 02:04:27 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/11/06 02:04:27 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/11/06 02:04:27 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/11/06 02:04:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/11/06 02:04:27 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/11/06 02:04:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/11/06 02:04:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/11/06 02:04:26 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/11/06 02:04:26 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/11/06 02:04:26 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/11/06 02:04:26 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/11/06 02:04:26 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/11/06 02:04:26 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/11/06 02:04:26 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/11/06 02:04:26 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/11/06 02:04:26 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/11/06 02:03:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/11/06 02:03:57 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/11/06 02:03:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/11/06 02:03:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/11/06 02:03:47 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/11/06 02:03:47 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/11/06 02:03:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/11/06 02:03:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/11/06 02:03:46 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/11/06 02:03:46 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/11/06 02:03:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/11/06 02:03:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/11/06 02:02:43 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/11/06 02:02:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/11/04 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/11/04 19:48:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/11/04 19:48:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/11/04 19:28:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/11/02 08:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/01 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/11/01 08:30:56 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Roaming\Avira
[2010/11/01 08:21:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/11/01 08:21:31 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/01 08:21:31 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 08:21:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/01 08:21:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/11/01 08:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/11/01 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 21:25:04 | 000,000,000 | ---D | C] -- C:\Users\Felicia\Office Genuine Advantage
[2010/10/26 21:25:47 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/26 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/26 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/26 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/10/26 18:35:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/26 18:35:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/26 18:35:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/24 21:16:03 | 000,000,000 | ---D | C] -- C:\Users\Felicia\AppData\Roaming\Malwarebytes
[2010/10/24 21:15:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/24 21:15:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/24 21:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/24 21:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/11/22 10:20:58 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AFE24D66-9793-426F-AA2D-BAA6A461DD48}.job
[2010/11/22 10:16:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Felicia\Desktop\OTL.exe
[2010/11/22 10:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/22 06:57:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 06:57:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 12:01:05 | 000,617,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/21 12:01:05 | 000,108,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/21 11:16:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/11/20 17:07:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/20 17:04:30 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 14:21:06 | 000,014,912 | ---- | M] () -- C:\Users\Felicia\AppData\Roaming\wklnhst.dat
[2010/11/06 19:47:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/06 19:47:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/06 19:47:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/06 19:47:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/06 17:41:54 | 000,333,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/06 02:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/11/06 02:21:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/11/04 19:47:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/11/02 16:09:09 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 16:09:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/01 10:52:08 | 000,001,356 | ---- | M] () -- C:\Users\Felicia\AppData\Local\d3d9caps.dat
[2010/11/01 08:21:46 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/26 21:25:43 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/24 21:15:57 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 19:40:00 | 000,008,641 | ---- | M] () -- C:\Users\Felicia\Documents\Allowance.xlsx

========== Files Created - No Company Name ==========

[2010/11/18 21:55:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/18 21:55:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/18 21:55:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/18 21:55:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/18 21:55:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/06 19:28:00 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 02:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/11/06 02:21:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/11/05 16:06:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0C7A1DA5-9B0A-40D3-868B-1E148023B205}.job
[2010/11/04 19:47:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/11/01 08:21:46 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/10/26 21:25:43 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/24 21:15:57 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/21 10:01:39 | 000,054,784 | RHS- | C] () -- C:\Windows\System32\vfwwdm32R.dll
[2010/01/30 16:57:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/04 13:34:03 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/11/08 17:33:00 | 000,002,196 | ---- | C] () -- C:\ProgramData\QuickSet.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/15 22:11:55 | 000,001,356 | ---- | C] () -- C:\Users\Felicia\AppData\Local\d3d9caps.dat
[2008/11/17 21:06:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/17 21:06:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/03/30 20:11:06 | 000,014,912 | ---- | C] () -- C:\Users\Felicia\AppData\Roaming\wklnhst.dat
[2008/03/30 19:06:16 | 000,025,600 | ---- | C] () -- C:\Users\Felicia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 06:09:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/15 06:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/15 06:09:57 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/15 06:09:56 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/15 06:09:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/14 22:32:51 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/07 22:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

< End of report >

And Extras:

OTL Extras logfile created on: 11/22/2010 10:18:04 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Felicia\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.22 Gb Total Space | 18.34 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.95 Gb Free Space | 60.93% Space Free | Partition Type: NTFS

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{195F608E-7127-4477-8A59-5E5EBD8E38E0}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{807E74BC-325B-4B5A-AAB2-137ADACE7862}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD3B01AE-E6F9-4791-B398-70FE680DCDA1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B3EBFFBC-6E16-4229-AB2B-C28E471FCA88}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{BEB6B1F5-6EF5-47F3-B56C-6F406333B0CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C435DFD1-8D1B-4EC1-AFE7-A7CE7A2CAA04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A11F567-1A35-49E9-841E-4980C29A5DD2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{273D55FB-6767-4AAA-9D60-6561A600175B}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2E01538B-3F31-4E24-B193-90624842E14C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{3757A237-E9E1-44F0-9F7F-8EA0C139E0CC}" = protocol=17 | dir=in | app=c:\quicktime\itunes.exe |
"{3B4475FF-248D-4CF6-B9C2-4599C48A63CB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3F3F6985-8C25-4D20-A15E-CAC7DA01CD6E}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{6F283AF2-C130-41B1-8BEE-8D464B432254}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{7DB52D63-43CD-4C12-A8F8-9306F3598473}" = protocol=6 | dir=in | app=c:\users\felicia\downloads\mediaplayer_setup.exe |
"{8BFEA3BC-5A26-43E8-BE3F-DE87D6CF0A3B}" = protocol=6 | dir=in | app=c:\quicktime\itunes.exe |
"{916401E6-9390-47D7-8115-B0DF25BC8C0A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{986B6092-A080-4759-A17C-51006FDC2DD1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A6F82D7E-7A39-4ECF-980A-744737783C5F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B1241BB4-2F34-4565-BBB3-78AB7A3D9B15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C0805039-BB5E-4716-BE4A-73E20F308E3E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C42A55F0-12A4-49BC-B107-CB859A7E7E24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0BF6880-096A-479C-8D41-36A4B1E5A635}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D8126BB0-2EA6-40E2-B9E9-FC711690D24E}" = protocol=17 | dir=in | app=c:\users\felicia\downloads\mediaplayer_setup.exe |
"{E1A49B13-55A8-4289-A7B1-6EA65B7FA10D}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{E6A39E29-74BA-4C22-BB6A-6DFC910488ED}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{FC336701-B43E-4F58-A7CB-20E5B48C499F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCC7D13D-6D67-427B-9612-F53EB9DE74C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"acaddr" = Address Book Database for MS Access(Remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Desktop" = Google Desktop
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NetSight" = Nielsen//NetRatings
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wheel of Fortune Deluxe" = Wheel of Fortune Deluxe (remove only)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2010 1:39:23 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3947

Error - 11/13/2010 1:39:24 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/13/2010 1:39:24 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5491

Error - 11/13/2010 1:39:24 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5491

Error - 11/13/2010 1:39:25 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/13/2010 1:39:25 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6537

Error - 11/13/2010 1:39:25 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6537

Error - 11/13/2010 10:45:45 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/13/2010 10:45:45 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1529

Error - 11/13/2010 10:45:45 PM | Computer Name = Felicia-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1529

[ Broadcom Wireless LAN Events ]
Error - 11/20/2010 7:06:55 PM | Computer Name = Felicia-PC | Source = WLAN-Tray | ID = 0
Description = 17:06:53, Sat, Nov 20, 10 Error - Unable to gain access to user store


[ OSession Events ]
Error - 4/27/2008 11:48:04 PM | Computer Name = Felicia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3193
seconds with 2580 seconds of active time. This session ended with a crash.

Error - 10/14/2008 12:55:00 AM | Computer Name = Felicia-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6494
seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/22/2010 12:09:50 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:09:51 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:09:52 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:09:54 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:09:54 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:11:55 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:11:55 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:11:57 PM | Computer Name = Felicia-PC | Source = DCOM | ID = 10010
Description =

Error - 11/22/2010 12:12:24 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/22/2010 12:12:25 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {ce18769b-c7fa-42d2-860d-17c4662c70ad} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell - "" = AutoRun
    O33 - MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d8ef5716-feba-11dc-a447-001d0948d80f}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    [2010/10/21 10:01:39 | 000,054,784 | RHS- | C] () -- C:\Windows\System32\vfwwdm32R.dll
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate Java™ SE Runtime Environment 6 and click on the Uninstall button to uninstall it.
  • Repeat for Rootkit Unhooker LE 3.8 SR 2.
  • Close Control Panel when done.


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



How are things running? Are you still experiencing issues with trying to set certain settings?
  • 0

Advertisements


#11
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I did everything you suggested, but I had a couple of problems:

1) I can't seem to uninstall the Java SE Runtime Environment. When I click uninstall, a window pops up that says "The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'Java SE Runtime Environment 6' disk and click OK."

Is this something I should have?

2) I downloaded the Foxit Reader, but when I tried to install it I got a popup that said this "C:\Users\Felicia\AppData\Local\Temp\fox7DID.tmp\Foxit Reader Setup.exe: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


I am also still getting the same pop-up when I try to access the windows settings such as the screen saver.

Here's the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ce18769b-c7fa-42d2-860d-17c4662c70ad} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce18769b-c7fa-42d2-860d-17c4662c70ad}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{729e0aeb-4c60-11de-aed6-001d0948d80f}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8ef5716-feba-11dc-a447-001d0948d80f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8ef5716-feba-11dc-a447-001d0948d80f}\ not found.
File F:\setupSNK.exe not found.
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Felicia\Desktop\cmd.bat deleted successfully.
C:\Users\Felicia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Felicia
->Temp folder emptied: 176881 bytes
->Temporary Internet Files folder emptied: 259480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44452142 bytes
->Flash cache emptied: 1536 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shane
->Temp folder emptied: 36998 bytes
->Temporary Internet Files folder emptied: 1134802 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101756591 bytes
->Flash cache emptied: 10249 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2556 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Felicia
->Flash cache emptied: 0 bytes

User: Public

User: Shane
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11222010_133632

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\vfwwdm32R.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Try this program to remove the outdated Java:

I have given the updating Java issue some further thought and it is possible not all of the installations were uninstalled in full. It happens upon occasion, so please carry out the following.

Note: Do not try to install Java just yet and the current installer you have please delete that if still present also in-case that itself is damaged.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.


NEXT:



Could you provide me with the exact error message you are receiving when trying to change the screensaver?
  • 0

#13
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran the JavaRa; it seemed to work just fine.

Still no luck on installing Foxit reader, same error message.

Here's the error I get with windows settings: "C:\Windows\system32\rundll32.exe: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."


Here's the JavaRa log:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Nov 22 21:50:47 2010

Found and removed: C:\Program Files\Java\jre1.6.0

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\JavaPlugin.160

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

Lets try this:


SFC ScanNow

We need to run SFC Scan Now.

We will need to open up an elevated command prompt. This can be down by clicking on Start > All Programs > Accessories, right click on Command Prompt, and then click on Run as Administrator.

You will need to click Allow.

Type the following command below, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.


Let me know if that solves the issue with the error message.
  • 0

#15
ShaneStorm

ShaneStorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I ran the SFC Scan and the result was "Windows Resource Protection did not find any integrity violations."

I still get the same error messages when accessing the screensaver menu and trying to install Foxit Reader.

Let me know if there is anything else we can try.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP