
Antivirus 8 removal



#1
jrdriv

Antivirus 8 was somehow downloaded onto my computer. It constantly pops up with warnings that I have trojans and viruses. It wants me to use the program to remove them. I tried to use msconfig to quit starting up, but a pop-up warning about a virus always pops up. Please help with the removal of this program, and thanks in advance.

OTL logfile created on: 11/21/2010 11:23:35 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\J-ROD\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.71 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: RIVERA | User Name: J-ROD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/21 23:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
PRC - [2010/11/09 01:59:08 | 001,539,584 | ---- | M] () -- C:\Program Files\AV8\av8.exe
PRC - [2010/07/06 11:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/19 22:20:14 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/08/07 16:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/24 01:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 18:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/08/29 20:12:30 | 000,344,064 | ---- | M] (Kmaestro) -- C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
PRC - [2007/06/25 09:56:42 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/06/19 07:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/18 13:08:10 | 000,304,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mpsevh.exe
PRC - [2007/04/18 13:08:06 | 000,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe
PRC - [2007/04/12 08:33:42 | 000,353,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/03/08 14:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
PRC - [2007/02/13 11:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/01/25 18:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/01/17 17:30:34 | 000,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/01/17 17:30:24 | 000,152,144 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\mskagent.exe
PRC - [2007/01/16 18:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/31 09:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2003/12/09 14:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 23:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
MOD - [2007/01/17 17:30:52 | 000,563,792 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\mskoeplg.dll
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2003/10/07 04:41:56 | 000,081,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/07 16:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/26 14:01:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/10/05 16:33:26 | 000,341,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2007/08/30 18:01:00 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/06/25 09:56:42 | 000,144,960 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/06/19 07:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/04/18 13:08:06 | 000,906,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPS\mps.exe -- (MPS9)
SRV - [2007/04/12 08:33:42 | 000,353,368 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/03/08 14:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/13 11:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/25 18:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/17 17:30:34 | 000,029,264 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/01/16 18:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/21 08:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDS300\cds300.dll -- (29641666-7965-406a-b216-5accf225623f)
DRV - [2009/10/16 09:42:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/30 18:46:24 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uze4mjmx.sys -- (uze4mjmx)
DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/07/27 18:32:31 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/25 13:54:44 | 000,071,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/06/25 09:57:28 | 000,037,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/06/25 09:57:24 | 000,032,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/06/25 09:57:20 | 000,171,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/06/25 09:57:10 | 000,034,184 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/03/02 13:16:52 | 000,109,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/30 13:24:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/14 18:32:28 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 05:00:00 | 000,002,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\mdtdisk.sys -- (mdtdisk)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/03 20:18:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/27 21:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/27 21:01:00 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\mskagent.exe (McAfee Inc.)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe (Yahoo!, Inc.)
O4 - HKCU..\Run: [AV8] C:\Program Files\AV8\av8.exe ()
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O4 - Startup: C:\Documents and Settings\J-ROD\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walma...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: OSDriver - {8F8136BC-804B-444C-BC82-8DBD26880472} - C:\Documents and Settings\All Users\Microsoft Private Data\Microsoft\lan.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\J-ROD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\J-ROD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d5255342-637c-11de-a945-00038a000015}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{d5255342-637c-11de-a945-00038a000015}\Shell\mobile\command - "" = G:\MobileLaunch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/21 23:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/21 23:22:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
[2010/11/11 10:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/11/09 20:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/09 20:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/27 21:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/10/27 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/10/27 21:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/27 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/10/27 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2008/01/25 11:47:00 | 000,217,088 | ---- | C] ( ) -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2007/08/09 15:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\stdole.dll

========== Files - Modified Within 30 Days ==========

[2010/11/21 23:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
[2010/11/21 23:17:41 | 000,032,172 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/11/21 22:44:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 22:44:18 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 10:06:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/12 22:45:32 | 000,050,432 | ---- | M] () -- C:\Documents and Settings\J-ROD\Desktop\mstsc.exe
[2010/11/11 10:41:42 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/09 21:32:19 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/11/09 01:59:16 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\J-ROD\Desktop\Antivirus8.lnk
[2010/11/09 01:55:29 | 000,442,774 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 01:55:29 | 000,071,848 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 23:38:09 | 000,014,596 | ---- | M] () -- C:\Documents and Settings\J-ROD\Chase 2.mmw
[2010/11/07 18:25:49 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 14:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/11/05 17:40:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/27 20:59:52 | 000,001,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2010/10/27 20:59:52 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dora's Big Birthday Adventure.lnk

========== Files Created - No Company Name ==========

[2010/11/12 22:45:32 | 000,050,432 | ---- | C] () -- C:\Documents and Settings\J-ROD\Desktop\mstsc.exe
[2010/11/11 10:41:41 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/09 01:59:16 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\J-ROD\Desktop\Antivirus8.lnk
[2010/11/08 22:41:01 | 000,014,596 | ---- | C] () -- C:\Documents and Settings\J-ROD\Chase 2.mmw
[2010/10/27 20:59:52 | 000,001,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shockwave Games.lnk
[2010/10/27 20:59:52 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dora's Big Birthday Adventure.lnk
[2009/09/30 18:46:24 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4mjmx.sys
[2009/09/27 14:18:30 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/15 21:41:53 | 000,000,276 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\up3D3.cab
[2009/09/15 21:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\up3F5.cab
[2008/11/21 14:13:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/11/21 14:00:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/08/25 19:59:40 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/19 16:20:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/05/18 23:10:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/11/27 18:58:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/01 16:18:30 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/05/21 13:27:00 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/05/03 22:09:26 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 17:59:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/20 17:59:13 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/10 14:29:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/02 16:05:27 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5B962160A4.sys
[2006/02/02 16:05:02 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/02 15:41:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\fusioncache.dat
[2006/01/30 13:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 13:26:14 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 13:20:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/30 12:52:06 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2006/01/30 12:52:06 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2006/01/30 12:52:06 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/01/30 12:52:06 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2006/01/30 12:52:06 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2006/01/30 12:52:06 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/01/30 12:52:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/01/30 12:52:06 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2006/01/30 12:52:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/01/30 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2006/01/30 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/01/30 12:52:06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/01/30 12:52:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2006/01/30 12:52:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/01/30 12:52:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/01/30 12:52:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/01/30 12:52:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/01/30 12:52:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/01/30 12:52:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/01/30 12:51:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/20 11:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:18:23 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\mdtdisk.sys
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/08/30 18:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/07/05 19:32:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2010/11/09 21:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/12 23:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/30 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Autodesk
[2009/04/28 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Canon
[2006/02/19 19:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Leadertech
[2010/01/08 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\PowerChallenge
[2008/11/27 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Samsung
[2007/11/18 18:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Smilebox
[2009/10/08 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Snapfish
[2009/09/30 21:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\uTorrent
[2007/03/10 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Viewpoint
[2010/11/06 14:05:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/08/01 00:07:10 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

I am still a trainee, so all my posts will be checked by an Expert. It's to your advantage that there are two people looking at your log, but responses may be a little delayed, so please be patient.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

I am currently reviewing your logs. Please be patient.

#3
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

=====================================

Some reminders:

µTorrent is a peer-to-peer (P2P) program. This type of application can provide a medium for the entry of unverified data, which tends to corrupt your system - a great way to infect your computer. Those who participate in P2P file sharing both provide files for others to download by uploading them onto their computers. They also download the files of others who have uploaded music and videos onto their own computers. Many times, however, networks will make it so your own files can be uploaded by others.

You may consider that P2P downloads are:

  • Not always legal. While Limewire, BitComet and P2P programs are themselves legal, downloading music, videos, and so forth (depending on the site) is often in violation of copyright laws, and many people have been prosecuted for downloading files illegally.
  • Malware - P2P is one of the most common ways of getting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

    You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.


Also,

Viewpoint Manager is considered to be foistware. You can go to the link below to read about it. http://www.clickz.co...cle.php/3561546

You may uninstall the programs by going to Start > Control Panel > Add or Remove Programs (Programs and Features if you are a Vista user) and uninstalling the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

======================================

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    DRV - [2009/09/30 18:46:24 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uze4mjmx.sys -- (uze4mjmx)
    O4 - HKCU..\Run: [AV8] C:\Program Files\AV8\av8.exe ()
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O21 - SSODL: OSDriver - {8F8136BC-804B-444C-BC82-8DBD26880472} - C:\Documents and Settings\All Users\Microsoft Private Data\Microsoft\lan.dll File not found
    O33 - MountPoints2\{d5255342-637c-11de-a945-00038a000015}\Shell\AutoRun\command - "" = explorer .
    [2010/11/11 10:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
    [2009/09/30 18:46:24 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uze4mjmx.sys
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\AV8
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Three

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



Step Four

Run OTL again and post a fresh OTL log.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#5
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

Can you update me on what our current problems are?

Also, since it has been a while, please run OTL and post a fresh OTL log.

Happy New Year

#6
jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Happy New Year,

For a quick recap, Antivirus 8 was on my computer and constantly popping up with alerts about trojans. So, my computer was not working. Now, I believe we got to the point where it has been removed, but my computer is still not completely clean. Also, now there is something called WhiteSmoke Translator that pops up. I will post a log very soon, but I am currently not able to do it. But I will most likely do it tomorrow. Thank you very much.

#7
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
No problem there. Just keep me informed of developments. :D

Happy New Year.

#8
jrdriv

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here is the up to date log....

OTL logfile created on: 1/2/2011 2:36:35 PM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\J-ROD\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.71 Gb Total Space | 0.21 Gb Free Space | 0.30% Space Free | Partition Type: NTFS

Computer Name: RIVERA | User Name: J-ROD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/02 14:27:13 | 000,039,952 | ---- | M] () -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
PRC - [2010/12/29 18:18:23 | 000,039,948 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\Microsoft\conhost.exe
PRC - [2010/12/29 18:15:35 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\Microsoft\conhost .exe
PRC - [2010/12/03 15:15:21 | 000,042,500 | ---- | M] () -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2010/11/21 23:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
PRC - [2010/07/07 10:58:04 | 000,671,744 | ---- | M] () -- C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe
PRC - [2010/07/06 11:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext .exe
PRC - [2010/05/04 12:06:56 | 000,630,784 | ---- | M] (WhiteSmoke) -- C:\Program Files\WhiteSmoke Translator\WhiteSmokeDictRegistration.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/12/19 22:20:14 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
PRC - [2009/08/07 16:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/07/01 22:13:03 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched .exe
PRC - [2009/04/24 01:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont .exe
PRC - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 18:12:38 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/11/01 18:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/29 20:12:30 | 000,344,064 | ---- | M] (Kmaestro) -- C:\Program Files\HP USB Multimedia Keyboard\KMaestro .exe
PRC - [2007/06/25 09:56:42 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/06/19 07:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/18 13:08:10 | 000,304,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mpsevh.exe
PRC - [2007/04/18 13:08:06 | 000,906,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe
PRC - [2007/04/12 08:33:42 | 000,353,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/03/08 14:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
PRC - [2007/02/13 11:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/01/25 18:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/01/17 17:30:34 | 000,029,264 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/01/17 17:30:24 | 000,152,144 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\MskAgent .exe
PRC - [2007/01/16 18:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/10 10:44:02 | 000,618,496 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/03/31 09:26:50 | 000,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/03/23 00:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2003/12/10 04:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
PRC - [2003/12/09 14:02:04 | 000,057,344 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ybrwicon .exe
PRC - [2003/09/03 20:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/11/21 23:22:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J-ROD\Desktop\OTL.exe
MOD - [2007/01/17 17:30:52 | 000,563,792 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\mskoeplg.dll
MOD - [2006/08/25 09:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2003/10/07 04:41:56 | 000,081,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/28 13:03:25 | 000,299,008 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010/12/20 12:46:20 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/23 16:36:06 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/07 16:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/26 14:01:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/10/05 16:33:26 | 000,341,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy)
SRV - [2007/08/30 18:01:00 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/06/25 09:56:42 | 000,144,960 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/06/19 07:55:24 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/04/18 13:08:06 | 000,906,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPS\mps.exe -- (MPS9)
SRV - [2007/04/12 08:33:42 | 000,353,368 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/03/08 14:42:42 | 000,256,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/13 11:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/01/25 18:01:58 | 000,643,664 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/01/17 17:30:34 | 000,029,264 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/01/16 18:03:36 | 000,362,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/21 08:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDS300\cds300.dll -- (29641666-7965-406a-b216-5accf225623f)
DRV - [2009/10/16 09:42:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/15 11:42:48 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/15 11:42:46 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/15 11:42:44 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/07/27 18:32:31 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/25 13:54:44 | 000,071,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/06/25 09:57:28 | 000,037,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/06/25 09:57:24 | 000,032,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/06/25 09:57:20 | 000,171,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/06/25 09:57:10 | 000,034,184 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/03/02 13:16:52 | 000,109,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/30 13:24:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/14 18:32:28 | 000,040,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sdcplh.sys -- (sdcplh)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55939

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/18 09:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/27 21:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/27 21:01:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/24 17:45:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe ()
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\J-ROD\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe ()
O4 - HKLM..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe ()
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe ()
O4 - HKCU..\Run: [{B4F8E569-A689-66A5-441F-034274716B09}] C:\Documents and Settings\J-ROD\Application Data\Peidx\cutoe.exe ()
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
O4 - Startup: C:\Documents and Settings\J-ROD\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walma...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\J-ROD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\J-ROD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d5255342-637c-11de-a945-00038a000015}\Shell\AutoRun\command - "" = explorer .
O33 - MountPoints2\{d5255342-637c-11de-a945-00038a000015}\Shell\mobile\command - "" = G:\MobileLaunch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 14:19:10 | 000,000,000 | ---D | C] -- C:\Microsoft
[2010/12/28 13:03:25 | 000,299,008 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010/12/28 04:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2010/12/28 04:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
[2010/12/28 04:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke Translator
[2010/12/20 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar
[2010/12/20 12:46:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/12/19 23:50:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/07 12:57:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\J-ROD\IECompatCache
[2010/12/04 20:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2008/01/25 11:47:00 | 000,217,088 | ---- | C] ( ) -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\Interop.Microsoft.Office.Core.dll
[2007/08/09 15:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\stdole.dll

========== Files - Modified Within 30 Days ==========

[2011/01/02 14:22:49 | 000,037,576 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/01/02 14:21:19 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/01/02 14:21:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/02 14:21:13 | 2682,408,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/02 14:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/01/02 13:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/01/02 13:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/01/02 12:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/01/02 12:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/01/02 11:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/01/02 11:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/01/02 10:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/02 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/01/02 09:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/01/02 09:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/01/02 08:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/01/02 08:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/01/02 07:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/01/02 07:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/01/02 06:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/01/02 06:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/01/02 05:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/01/02 05:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/01/02 04:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/01/02 04:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/01/02 03:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/01/02 03:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/01/02 02:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/01/02 02:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/01/02 01:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/01/02 01:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/01/02 00:40:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/01/02 00:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/01/01 23:19:04 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/01/01 23:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/01/01 22:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/01/01 22:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/01/01 21:19:03 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/01/01 21:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/01/01 20:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/01/01 20:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/01/01 00:30:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/30 20:11:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/12/30 20:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/12/30 20:11:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/12/30 20:11:38 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/12/30 20:11:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/12/30 19:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/12/30 18:43:32 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat
[2010/12/30 18:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/12/30 17:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/30 17:11:42 | 000,003,804 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\8CBE.9C3
[2010/12/30 16:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/30 15:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/30 00:27:16 | 000,081,410 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ajj1TFNx.exe
[2010/12/28 13:03:25 | 000,299,008 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010/12/28 04:03:01 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/28 04:02:57 | 000,001,453 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
[2010/12/25 15:11:58 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/12/20 13:52:10 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/12/20 12:46:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/12/19 16:06:56 | 000,206,848 | ---- | M] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/19 16:03:59 | 000,019,869 | ---- | M] () -- C:\Documents and Settings\J-ROD\Chase 2.mmw

========== Files Created - No Company Name ==========

[2010/12/29 18:15:38 | 000,003,804 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\8CBE.9C3
[2010/12/28 13:03:34 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010/12/28 13:03:33 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/12/28 13:03:29 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010/12/28 04:03:01 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
[2010/12/28 04:02:57 | 000,001,453 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
[2010/12/20 12:46:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/12/03 15:18:38 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/12/03 15:18:37 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/12/03 15:18:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/12/03 15:18:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/12/03 15:18:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/12/03 15:18:32 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/12/03 15:18:31 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/12/03 15:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/12/03 15:18:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/12/03 15:18:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/12/03 15:18:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/12/03 15:18:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/12/03 15:18:24 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/12/03 15:18:23 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/12/03 15:18:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/12/03 15:18:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/12/03 15:18:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/12/03 15:18:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/12/03 15:18:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/12/03 15:18:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/12/03 15:18:15 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/12/03 15:18:15 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat
[2010/12/03 15:18:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/12/03 15:18:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/12/03 15:18:11 | 000,081,410 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ajj1TFNx.exe
[2010/12/03 15:18:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/12/03 15:15:51 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/12/03 15:15:50 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/12/03 15:15:49 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/12/03 15:15:48 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/12/03 15:15:47 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/12/03 15:15:45 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/12/03 15:15:44 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/12/03 15:15:43 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/12/03 15:15:42 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/12/03 15:15:41 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/12/03 15:15:40 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/12/03 15:15:38 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/12/03 15:15:37 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/12/03 15:15:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/12/03 15:15:35 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/12/03 15:15:33 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/12/03 15:15:32 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/12/03 15:15:31 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/12/03 15:15:30 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/12/03 15:15:28 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/12/03 15:15:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/12/03 15:15:26 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/12/03 15:15:24 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/12/03 15:15:23 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/12/03 15:15:22 | 000,039,936 | ---- | C] () -- C:\WINDOWS\Fonts\8ukvo.com
[2009/09/27 14:18:30 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/15 21:41:53 | 000,000,276 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\up3D3.cab
[2009/09/15 21:41:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\up3F5.cab
[2008/11/21 14:13:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/11/21 14:00:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/08/25 19:59:40 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/07/19 16:20:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/05/18 23:10:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/11/27 18:58:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/01 16:18:30 | 000,040,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\sdcplh.sys
[2006/05/21 13:27:00 | 000,000,207 | ---- | C] () -- C:\Documents and Settings\J-ROD\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/05/03 22:09:26 | 000,206,848 | ---- | C] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/20 17:59:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/20 17:59:13 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/10 14:29:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/02/02 16:05:27 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\5B962160A4.sys
[2006/02/02 16:05:02 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/02 15:41:06 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\J-ROD\Local Settings\Application Data\fusioncache.dat
[2006/01/30 13:40:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/30 13:26:14 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/30 13:20:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/30 12:52:06 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2006/01/30 12:52:06 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2006/01/30 12:52:06 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/01/30 12:52:06 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2006/01/30 12:52:06 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2006/01/30 12:52:06 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/01/30 12:52:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/01/30 12:52:06 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2006/01/30 12:52:06 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/01/30 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2006/01/30 12:52:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/01/30 12:52:06 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/01/30 12:52:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2006/01/30 12:52:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/01/30 12:52:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/01/30 12:52:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/01/30 12:52:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/01/30 12:52:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/01/30 12:52:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/01/30 12:51:20 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/20 11:56:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/08/30 18:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/07/05 19:32:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2010/11/09 21:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/24 18:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/30 17:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Autodesk
[2009/04/28 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Canon
[2010/12/03 14:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Etne
[2006/02/19 19:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Leadertech
[2010/12/18 19:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Peidx
[2010/01/08 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\PowerChallenge
[2008/11/27 00:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Samsung
[2007/11/18 18:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Smilebox
[2009/10/08 11:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Snapfish
[2010/11/24 18:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\uTorrent
[2007/03/10 09:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\Viewpoint
[2010/12/22 09:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar
[2011/01/02 00:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/01/02 09:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/01/02 10:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/01/02 11:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/01/02 12:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/01/02 13:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/01/02 14:21:19 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/30 15:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/30 16:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/30 17:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/30 18:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/01/02 01:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/30 19:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/01/01 20:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/01/01 21:19:03 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/01/01 22:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/01/01 23:19:04 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/01/02 00:40:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/01/02 01:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/01/02 02:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/01/02 03:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/01/02 04:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/01/02 02:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/01/02 05:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/01/02 06:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/01/02 07:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/01/02 08:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/01/02 09:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/01/02 10:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/01/02 11:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/01/02 12:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/01/02 13:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/01/02 14:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/01/02 03:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/30 20:11:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/30 20:11:38 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/30 20:11:39 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/30 20:11:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/12/30 20:11:41 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/01/01 20:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/01/01 21:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/01/01 22:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/01/01 23:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/01/02 04:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/01/02 05:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/01/02 06:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/01/02 07:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/01/02 08:19:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/12/25 15:11:58 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/08/01 00:07:10 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/02 14:21:38 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



< End of report >

#9
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55939
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O4 - HKLM..\Run: [conhost] C:\Documents and Settings\J-ROD\Application Data\Microsoft\conhost.exe ()
    O4 - HKCU..\Run: [{B4F8E569-A689-66A5-441F-034274716B09}] C:\Documents and Settings\J-ROD\Application Data\Peidx\cutoe.exe ()
    O4 - HKCU..\Run: [Yahoo! Pager] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk = C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe ()
    [2010/12/28 04:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2010/12/28 04:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar
    [2010/12/28 04:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke Translator
    [2010/12/20 12:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar
    [2010/12/30 18:43:32 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat
    [2010/12/30 17:11:42 | 000,003,804 | ---- | M] () -- C:\Documents and Settings\J-ROD\Application Data\8CBE.9C3
    [2010/12/28 04:03:01 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk
    [2010/12/28 04:02:57 | 000,001,453 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk
    [2010/12/20 12:46:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
    [2010/12/03 15:18:15 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat
    [2010/12/03 15:18:11 | 000,081,410 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ajj1TFNx.exe
    [2010/12/22 09:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\Tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#10
jrdriv

    Member

  • Topic Starter
  • 44 posts
Hello Salagubang,

I have followed your directions exactly. Here are the Log posts...

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
C:\Documents and Settings\J-ROD\Application Data\Microsoft\conhost.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{B4F8E569-A689-66A5-441F-034274716B09} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F8E569-A689-66A5-441F-034274716B09}\ not found.
C:\Documents and Settings\J-ROD\Application Data\Peidx\cutoe.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk moved successfully.
C:\Program Files\WhiteSmoke Translator\WSTrayDictMode.exe moved successfully.
C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\components folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files\whitesmoketoolbar folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\style folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\js folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\style folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\js folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\captionbar folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background\attic folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img\Background folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content\img folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome\content folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientWelcome folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientRegistration\style folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientRegistration\js folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientRegistration\img\captionbar folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientRegistration\img folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientRegistration folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\style folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\js folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\img\popup folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\img\captionbar folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\img\Buttons folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\img\Background folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic\img folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\dictClientDic folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\common\js folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\common\iepngfix folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english\common folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html\english folder moved successfully.
C:\Program Files\WhiteSmoke Translator\html folder moved successfully.
C:\Program Files\WhiteSmoke Translator folder moved successfully.
C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar\weather folder moved successfully.
C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar folder moved successfully.
C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat moved successfully.
C:\Documents and Settings\J-ROD\Application Data\8CBE.9C3 moved successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Whitesmoke Translator.lnk not found.
C:\Documents and Settings\All Users\Desktop\Launch WhiteSmoke Translator.lnk moved successfully.
C:\WINDOWS\system32\6to4v32.dll moved successfully.
File C:\Documents and Settings\All Users\Application Data\4iTRqm40.dat not found.
C:\Documents and Settings\All Users\Application Data\Ajj1TFNx.exe moved successfully.
Folder C:\Documents and Settings\J-ROD\Application Data\whitesmoketoolbar\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At30.job moved successfully.
C:\WINDOWS\Tasks\At31.job moved successfully.
C:\WINDOWS\Tasks\At32.job moved successfully.
C:\WINDOWS\Tasks\At33.job moved successfully.
C:\WINDOWS\Tasks\At34.job moved successfully.
C:\WINDOWS\Tasks\At35.job moved successfully.
C:\WINDOWS\Tasks\At36.job moved successfully.
C:\WINDOWS\Tasks\At37.job moved successfully.
C:\WINDOWS\Tasks\At38.job moved successfully.
C:\WINDOWS\Tasks\At39.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At40.job moved successfully.
C:\WINDOWS\Tasks\At41.job moved successfully.
C:\WINDOWS\Tasks\At42.job moved successfully.
C:\WINDOWS\Tasks\At43.job moved successfully.
C:\WINDOWS\Tasks\At44.job moved successfully.
C:\WINDOWS\Tasks\At45.job moved successfully.
C:\WINDOWS\Tasks\At46.job moved successfully.
C:\WINDOWS\Tasks\At47.job moved successfully.
C:\WINDOWS\Tasks\At48.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: J-ROD
->Temp folder emptied: 423918799 bytes
->Temporary Internet Files folder emptied: 4961625 bytes
->Java cache emptied: 7140 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 241359689 bytes
->Flash cache emptied: 64423 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4522654 bytes
->Flash cache emptied: 74689 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92321746 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 79878 bytes

Total Files Cleaned = 732.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: J-ROD
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.17.3 log created on 01042011_211727

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcafee_ZmRYenbLMggbq4j not found!
File\Folder C:\WINDOWS\temp\mcmsc_fWXMRneThXA8Z64 not found!
File\Folder C:\WINDOWS\temp\mcmsc_JeV240gW7M3LOYc not found!
File\Folder C:\WINDOWS\temp\mcmsc_KbidXRz23x0tWhV not found!
File\Folder C:\WINDOWS\temp\sqlite_ltBFQf2eL0Q2PPD not found!

Registry entries deleted on Reboot...

Here is combofix log...


ComboFix 11-01-04.02 - J-ROD 01/04/2011 22:06:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.2110 [GMT -6:00]
Running from: c:\documents and settings\J-ROD\Desktop\ComboFix.exe
AV: McAfee VirusScan *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\J-ROD\Application Data\Microsoft\conhost .exe
C:\Microsoft
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\SupportSoft\bin\bcont.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\QuickTime\qttask .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\windows\Fonts\8ukvo.com
c:\windows\system32\certstore.dat
c:\windows\system32\sshnas21.dll

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_MDTDISK
-------\Legacy_SSHNAS
-------\Service_6to4
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 )))))))))))))))))))))))))))))))
.

2010-12-28 20:19 . 2010-12-28 20:19 138752 ----a-w- c:\program files\Windows NT\dwm.exe
2010-12-28 20:19 . 2010-12-28 20:49 39944 ----a-w- c:\program files\Internet Explorer\conhost.exe
2010-12-28 20:19 . 2010-12-28 20:19 125440 ----a-w- c:\program files\Internet Explorer\conhost .exe
2010-12-20 18:46 . 2010-12-20 18:46 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-07 18:57 . 2010-12-07 18:57 -------- d-sh--w- c:\documents and settings\J-ROD\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm                        .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\SupportSoft\bin\bcont .exe
c:\program files\HP USB Multimedia Keyboard\KMaestro .exe
c:\program files\Intel\Modem Event Monitor\IntelMEM .exe
c:\program files\Internet Explorer\conhost .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\McAfee\MSK\MskAgent .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext .exe
c:\program files\QuickTime\qttask                                                                                                                                                                                      .exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\Yahoo!\browser\ybrwicon .exe
c:\windows\ehome\ehtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe -startup" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2010-12-03 42500]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2010-12-03 42500]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2010-12-03 42500]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-12-03 42500]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2010-12-03 42500]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2010-12-03 42500]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2010-12-03 42500]
"BtcMaestro"="c:\program files\HP USB Multimedia Keyboard\KMaestro.exe" [2010-12-03 42500]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-12-03 42500]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-12-03 42500]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-12-03 42500]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-12-03 42500]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-03 42500]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
vuapaw.exe [2010-12-3 162384]

c:\documents and settings\J-ROD\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
zesy.exe [2010-12-3 162384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^J-ROD^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\J-ROD\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 05:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Virus Remover]
c:\program files\AdvancedVirusRemover\PAVRM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 13:03 425984 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\personalguard]
c:\program files\Personal Guard 2009\personalguard.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-01-30 19:24 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"c:\\Documents and Settings\\J-ROD\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25273:TCP"= 25273:TCP:BitComet 25273 TCP
"25273:UDP"= 25273:UDP:BitComet 25273 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2008 11:43 AM 93320]
S3 29641666-7965-406a-b216-5accf225623f;29641666-7965-406a-b216-5accf225623f;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2010-12-25 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-20 18:32]

2010-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-20 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-04 22:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\McAfee\MSK\mskoeplg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\McAfee\MPS\mps.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MPS\mpsevh.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\ehome\ehtray .exe
c:\program files\Intel\Modem Event Monitor\IntelMEM .exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Yahoo!\browser\ybrwicon .exe
c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB .exe
c:\program files\McAfee\MSK\MskAgent .exe
c:\program files\HP USB Multimedia Keyboard\KMaestro .exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext .exe
c:\progra~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2011-01-04 22:24:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-05 04:24

Pre-Run: 31,870,976 bytes free
Post-Run: 655,486,976 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2A6CC2141E14248A3E7210A752DE0FB4


#11
Salagubang


    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,


Step One

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Killall::

File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\vuapaw.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\zesy.exe
c:\program files\Personal Guard 2009\personalguard.exe
c:\program files\AdvancedVirusRemover\PAVRM.exe

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Virus Remover]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\personalguard]

Driver::

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\SupportSoft\bin\bcont .exe
c:\program files\HP USB Multimedia Keyboard\KMaestro .exe
c:\program files\Intel\Modem Event Monitor\IntelMEM .exe
c:\program files\Internet Explorer\conhost .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\McAfee\MSK\MskAgent .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr .exe
c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext .exe
c:\program files\QuickTime\qttask .exe
c:\program files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\Yahoo!\browser\ybrwicon .exe
c:\windows\ehome\ehtray .exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Two

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue.
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Three

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Four

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



#12
jrdriv


    Member

  • Topic Starter
  • 44 posts
Hello,

I followed instructions and here are the logs in order...



ComboFix 11-01-04.02 - J-ROD 01/05/2011 20:54:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.2151 [GMT -6:00]
Running from: c:\documents and settings\J-ROD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\J-ROD\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\vuapaw.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\zesy.exe"
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\program files\Personal Guard 2009\personalguard.exe"
.

((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 02:37 . 2011-01-06 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2011-01-05 06:41 . 2011-01-05 06:41 -------- d--h--w- c:\windows\PIF
2011-01-05 06:02 . 2011-01-05 06:02 -------- d-----w- C:\$AVG
2011-01-05 05:58 . 2011-01-05 05:58 -------- d-----w- c:\documents and settings\J-ROD\Application Data\AVG10
2011-01-05 05:57 . 2011-01-05 05:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-05 05:28 . 2011-01-05 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-20 18:46 . 2010-12-20 18:46 -------- d-----w- c:\windows\system32\%APPDATA%
2010-12-07 18:57 . 2010-12-07 18:57 -------- d-sh--w- c:\documents and settings\J-ROD\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
<pre>
c:\program files\Common Files\InstallShield\UpdateService\isuspm                        .exe
c:\program files\QuickTime\qttask                                                                                                                                                                                      .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\J-ROD\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^J-ROD^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\J-ROD\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 05:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 13:03 425984 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-01-30 19:24 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"c:\\Documents and Settings\\J-ROD\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25273:TCP"= 25273:TCP:BitComet 25273 TCP
"25273:UDP"= 25273:UDP:BitComet 25273 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
S3 29641666-7965-406a-b216-5accf225623f;29641666-7965-406a-b216-5accf225623f;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-6194C28A8F62DD817EA1B918E6E46E806A21B452 - c:\progra~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe
AddRemove-65B6FE5418CE28F4D72543FB2D964C3CEC83F161 - c:\progra~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 21:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\stsystra.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2011-01-05 21:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-06 03:08
ComboFix2.txt 2011-01-05 04:24

Pre-Run: 43,614,048,256 bytes free
Post-Run: 43,792,101,376 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F4EE38FDDC45F458ED69A5D8FCB2E434
____________________________________________________________________________________________________

2011/01/05 23:43:13.0578 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/05 23:43:13.0578 ================================================================================
2011/01/05 23:43:13.0578 SystemInfo:
2011/01/05 23:43:13.0578
2011/01/05 23:43:13.0578 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/05 23:43:13.0578 Product type: Workstation
2011/01/05 23:43:13.0578 ComputerName: RIVERA
2011/01/05 23:43:13.0578 UserName: J-ROD
2011/01/05 23:43:13.0578 Windows directory: C:\WINDOWS
2011/01/05 23:43:13.0578 System windows directory: C:\WINDOWS
2011/01/05 23:43:13.0578 Processor architecture: Intel x86
2011/01/05 23:43:13.0578 Number of processors: 2
2011/01/05 23:43:13.0578 Page size: 0x1000
2011/01/05 23:43:13.0578 Boot type: Normal boot
2011/01/05 23:43:13.0578 ================================================================================
2011/01/05 23:43:14.0203 Initialize success
2011/01/05 23:43:21.0843 ================================================================================
2011/01/05 23:43:21.0843 Scan started
2011/01/05 23:43:21.0843 Mode: Manual;
2011/01/05 23:43:21.0843 ================================================================================
2011/01/05 23:43:31.0578 ================================================================================
2011/01/05 23:43:31.0578 Scan finished
2011/01/05 23:43:31.0578 ================================================================================
2011/01/05 23:47:10.0343 Deinitialize success


_________________________________________________________________________________________________-

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5184

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/5/2011 11:58:35 PM
mbam-log-2011-01-05 (23-58-35).txt

Scan type: Quick scan
Objects scanned: 157105
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


__________________________________________________________________________________-

Autoscan: completed 18 hours ago (events: 436, objects: 209625, time: 23:08:28)
1/6/2011 12:14:05 AM Task started
1/6/2011 12:24:49 AM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\J-ROD\.housecall6.6\Quarantine\xandrop[1].htm.bac_a03448/CryptFF.b
1/6/2011 12:24:49 AM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\J-ROD\.housecall6.6\Quarantine\xandrop[1].bac_a03448/CryptFF.b/CryptFF
1/6/2011 12:56:23 AM Detected: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\dios puede salvar.wma
1/6/2011 6:40:53 PM Detected: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\mighty to save-spanish.wma
1/6/2011 6:40:56 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\dios puede salvar.wma
1/6/2011 6:41:00 PM Detected: Trojan-Downloader.WMA.GetCodec.ah C:\Documents and Settings\J-ROD\Shared\neyo take it back.mpg
1/6/2011 6:41:03 PM Detected: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\paramore careful.wma
1/6/2011 6:41:06 PM Disinfected: Trojan-Downloader.WMA.GetCodec.ah C:\Documents and Settings\J-ROD\Shared\neyo take it back.mpg
1/6/2011 6:41:06 PM Disinfected: Trojan-Downloader.WMA.GetCodec.ah C:\Documents and Settings\J-ROD\Shared\neyo take it back.mpg
1/6/2011 6:41:16 PM Detected: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\yo quisera amarla.wma
1/6/2011 6:41:22 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\mighty to save-spanish.wma
1/6/2011 6:42:02 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\paramore careful.wma
1/6/2011 6:43:23 PM Deleted: Trojan-Downloader.WMA.Wimad.x C:\Documents and Settings\J-ROD\Shared\yo quisera amarla.wma
1/6/2011 7:24:24 PM Detected: Rootkit.Win32.TDSS.mbr C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
1/6/2011 7:24:24 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 7:24:24 PM Detected: Trojan-Downloader.Win32.FraudLoad.yclc C:\Qoobox\Quarantine\C\Documents and Settings\J-ROD\Application Data\Microsoft\conhost .exe.vir
1/6/2011 10:48:43 PM Untreated: Rootkit.Win32.TDSS.mbr C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Cannot be disinfected
1/6/2011 10:48:47 PM Deleted: Rootkit.Win32.TDSS.mbr C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
1/6/2011 10:48:48 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:49 PM Deleted: Trojan-Downloader.Win32.FraudLoad.yclc C:\Qoobox\Quarantine\C\Documents and Settings\J-ROD\Application Data\Microsoft\conhost .exe.vir
1/6/2011 10:48:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:52 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:55 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:55 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:48:56 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:03 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:03 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:03 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:03 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:07 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:07 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:07 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:08 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:12 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:12 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:12 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:12 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:15 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:15 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:15 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:15 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:21 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:21 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:21 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:21 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:24 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:24 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:24 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:24 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:31 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:36 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:36 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:36 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:36 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\SupportSoft\bin\bcont.exe.vir
1/6/2011 10:49:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:39 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir
1/6/2011 10:49:39 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe.vir
1/6/2011 10:49:39 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:39 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Common Files\SupportSoft\bin\bcont.exe.vir
1/6/2011 10:49:39 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:44 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:44 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:44 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir
1/6/2011 10:49:45 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:45 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:45 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:48 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:57 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:58 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:58 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:58 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:58 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:49:58 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:50:00 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:50:02 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:34 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:34 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:45 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:46 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:46 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:47 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:47 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:47 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:56 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:56 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:56 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:56 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:58 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:54:59 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:02 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:06 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:07 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:07 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:07 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:09 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:09 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:09 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:09 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:17 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:17 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:17 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:18 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:18 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:18 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:21 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:21 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:21 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:21 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:22 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:22 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:23 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:24 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:25 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:26 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:27 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:27 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:32 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:34 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:34 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:34 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:34 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:34 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:35 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:35 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:35 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:36 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:37 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:38 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:38 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:42 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:43 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:44 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:44 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:44 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:45 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:45 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:46 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:46 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:47 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:47 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:48 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:48 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:49 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:49 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:49 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:49 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:49 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:50 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:51 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:52 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:52 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:52 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:52 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:54 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:55 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:55:55 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:56:31 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir
1/6/2011 10:56:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir
1/6/2011 10:56:32 PM Detected: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\WINDOWS\Fonts\8ukvo.com.vir
1/6/2011 10:56:32 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir
1/6/2011 10:56:33 PM Detected: Trojan-Downloader.Win32.CodecPack.acfg C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir
1/6/2011 10:56:33 PM Deleted: Trojan.Win32.Powp.gen C:\Qoobox\Quarantine\C\WINDOWS\Fonts\8ukvo.com.vir
1/6/2011 10:56:35 PM Deleted: Trojan-Downloader.Win32.CodecPack.acfg C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir
1/6/2011 11:22:33 PM Task completed

#13
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

Bad weather here, sorry for the delay. How is the computer running?

=====================================

Some reminders:

I see that you use torrent stuff on your computer.

Malware - P2P is one of the most common ways of getting infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using P2P programs to download warez/cracks. These are not only illegal, but will always contain some form of malware.


======================================


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::RenV::c:\program files\Common Files\InstallShield\UpdateService\isuspm                        .exec:\program files\QuickTime\qttask                                                                                                                                                                                      .exeFile::Folder::Registry::Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#14
jrdriv

    Member

  • Topic Starter
  • 44 posts
Hello Salagubang,

My computer is running great! I have now uninstalled the P2P programs, and will no longer use them.
Thanks for all your help. Here is the log...



ComboFix 11-01-10.04 - J-ROD 01/10/2011 19:26:08.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.2090 [GMT -6:00]
Running from: c:\documents and settings\J-ROD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\J-ROD\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-06 02:37 . 2011-01-06 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2011-01-05 06:41 . 2011-01-05 06:41 -------- d--h--w- c:\windows\PIF
2011-01-05 06:02 . 2011-01-05 06:02 -------- d-----w- C:\$AVG
2011-01-05 05:58 . 2011-01-05 05:58 -------- d-----w- c:\documents and settings\J-ROD\Application Data\AVG10
2011-01-05 05:57 . 2011-01-05 05:57 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-05 05:28 . 2011-01-05 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-20 18:46 . 2010-12-20 18:46 -------- d-----w- c:\windows\system32\%APPDATA%

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]

c:\documents and settings\J-ROD\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^J-ROD^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
path=c:\documents and settings\J-ROD\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 05:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 13:03 425984 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 22:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 15:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-01-30 19:24 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"c:\\Documents and Settings\\J-ROD\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25273:TCP"= 25273:TCP:BitComet 25273 TCP
"25273:UDP"= 25273:UDP:BitComet 25273 UDP

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
S3 29641666-7965-406a-b216-5accf225623f;29641666-7965-406a-b216-5accf225623f;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 19:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,3d,18,af,2c,c2,8d,4b,9f,f9,26,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1084)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\stsystra.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-01-10 19:39:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 01:39
ComboFix2.txt 2011-01-06 03:08
ComboFix3.txt 2011-01-05 04:24

Pre-Run: 43,751,354,368 bytes free
Post-Run: 43,733,417,984 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 9DC86D8C95DC66CE8A56AD7C6FA2880C

#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi jrdriv,

Let's sweep for leftovers.


Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Two

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

