[realapp]

I have ran superantispyware and spybot on it and it got rid of a bunch of stuff, but not sure if there is still more on there.

This is the kid's computer. I'm not sure if I need to install realtime dectection or not because they seem to keep getting infected with something, not sure what.

Would just like someone else's opinion


Here is the OTL

OTL logfile created on: 1/19/2011 4:07:08 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Matt M\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 47.76 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive D: | 447.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 37.24 Gb Total Space | 12.29 Gb Free Space | 33.01% Space Free | Partition Type: NTFS

Computer Name: MATT | User Name: Matt M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/19 16:04:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
PRC - [2010/08/02 13:13:02 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 07:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/16 13:36:22 | 003,272,704 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/06/04 14:49:18 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/12 14:32:26 | 000,700,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/01/19 10:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 10:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/04/11 08:17:00 | 000,622,592 | ---- | M] (a la mode, inc.) -- C:\WIN2000\Guru.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/07/23 07:21:22 | 002,695,168 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
PRC - [2002/03/19 11:15:46 | 000,036,864 | ---- | M] (D-Link) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe
PRC - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2000/12/10 12:37:56 | 000,212,992 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\EBRR.exe
PRC - [2000/05/16 01:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\E_S00RP2.EXE
PRC - [2000/03/13 22:29:28 | 000,213,504 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe


========== Modules (SafeList) ==========

MOD - [2011/01/19 16:04:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/10/14 07:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 07:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/04 14:49:18 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/01 10:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/03/03 12:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/03/19 11:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Running] -- C:\Program Files\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2000/05/16 01:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\SYSTEM32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)
SRV - [2000/03/13 22:29:28 | 000,213,504 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe -- (StatusAgent)


========== Driver Services (SafeList) ==========

DRV - [2010/08/02 13:13:02 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/02 13:13:02 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/02 13:13:02 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/12/07 21:37:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 07:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/05 11:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/07 03:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2007/02/08 07:45:00 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ActionReplayDS.sys -- (ActionReplayDS)
DRV - [2005/10/17 18:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 21:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/04/10 04:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMUSB.sys -- (PRISM_USB)
DRV - [2002/11/08 12:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/09/27 17:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\NIOC.sys -- (NIOC)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/09 20:03:00 | 000,070,084 | ---- | M] (MK Systems CO., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS -- (Eplpdx02)
DRV - [2001/05/07 04:56:02 | 000,019,805 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/01/10 16:10:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

[2009/06/16 20:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt M\Application Data\Mozilla\Extensions
[2009/06/16 20:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt M\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/12/01 19:21:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [RealTray] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [MSE] File not found
O4 - HKCU..\Run: [Search Protection] File not found
O4 - HKCU..\Run: [Singlesnet] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WinTOTAL Scheduler] C:\WIN2000\Guru.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Matt M\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://etrade.webex...nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/02/06 10:04:52 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2003/08/18 05:29:46 | 000,270,336 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - Unable to obtain root file information for disk Z:\
O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell - "" = AutoRun
O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell - "" = AutoRun
O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun\command - "" = E:\MI.exe
O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/19 16:04:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
[2011/01/11 18:06:11 | 000,000,000 | ---D | C] -- C:\.yanillescapeclientv3_file_store_32
[2004/12/16 09:33:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\alaLIB.dll
[2004/07/28 11:46:06 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2002/07/16 17:12:58 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
[2002/04/29 11:04:40 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/19 16:04:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
[2011/01/19 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/01/19 14:31:50 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Matt M\jagex_runescape_preferences.dat
[2011/01/19 11:08:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/19 08:06:19 | 000,003,614 | ---- | M] () -- C:\WINDOWS\ALAMODE.INI
[2011/01/19 08:03:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-749379181-2625633795-2857781431-1006.job
[2011/01/19 07:45:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/19 07:45:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/18 19:00:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/18 17:04:51 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for isaac.job
[2011/01/18 16:59:52 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Matt M\jagex_runescape_preferences2.dat
[2011/01/17 21:01:49 | 000,004,785 | ---- | M] () -- C:\Documents and Settings\Matt M\Application Data\Cabos.plist
[2011/01/16 11:59:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-749379181-2625633795-2857781431-1006.job
[2011/01/13 11:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/04 17:41:51 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\Shortcut to Kindle (E).lnk
[2010/12/30 11:12:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/04 17:41:51 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Matt M\Desktop\Shortcut to Kindle (E).lnk
[2010/12/12 22:25:19 | 000,004,785 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\Cabos.plist
[2010/08/01 19:44:59 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/21 16:07:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Matt M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/25 19:55:15 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/13 14:19:07 | 000,000,162 | ---- | C] () -- C:\WINDOWS\VeggieMysteryIsland.ini
[2009/03/13 10:38:28 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/03/12 07:52:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/03/07 18:02:22 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/01 11:35:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/04 08:51:00 | 000,000,880 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/03 17:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/05/11 14:25:32 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2004/12/02 18:05:53 | 000,000,115 | ---- | C] () -- C:\WINDOWS\DDETEST.ini
[2004/12/01 16:06:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\PFP120JPR.{PB
[2004/12/01 16:06:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\PFP120JCM.{PB
[2004/11/09 17:03:44 | 000,003,614 | ---- | C] () -- C:\WINDOWS\ALAMODE.INI
[2004/10/31 11:56:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/31 11:29:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2004/10/27 16:16:54 | 000,000,035 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2004/10/12 23:49:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/12 23:41:34 | 000,000,859 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/12 23:19:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/13 16:03:12 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2004/08/11 08:07:00 | 000,003,522 | ---- | C] () -- C:\WINDOWS\TECHHELP.INI
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/06/17 10:43:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2003/12/11 17:05:40 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2002/07/16 17:15:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2002/06/09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
[2002/04/29 11:05:00 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\Postiex.dll
[2002/04/29 11:04:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2002/04/29 11:04:41 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2002/04/29 11:04:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2002/04/29 11:04:28 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2002/04/29 11:04:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\alaIE.dll
[2002/01/30 08:03:00 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2001/06/27 01:24:00 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[1999/09/15 14:03:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[1999/08/17 08:50:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Edited by realapp, 19 January 2011 - 05:50 PM.

[Advertisements]

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

From what I can see, you have a ton of toolbars installed on your computer. I'm going to suggest you remove them, and then will script out any leftover files from them in a fix that you will run a little later in this post.

Remove Program
We need to remove a program. To do this please do the following:

• Click Start
• Go to Control Panel
• Go to Add/Remove Programs
• Find and click Remove for the following (if present):
  
• PriceGong Toolbar
• RadioBar Toolbar
• Simppull Toolbar
• MyWebSearch
• Ask Toolbar

NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :Services
  :OTL
  O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
  O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
  O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
  O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
  O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
  O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
  O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
  O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O4 - HKLM..\Run: [RealTray] File not found
  O4 - HKCU..\Run: [MSE] File not found
  O4 - HKCU..\Run: [Search Protection] File not found
  O4 - HKCU..\Run: [Singlesnet] File not found
  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = File not found
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
  O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell - "" = AutoRun
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell - "" = AutoRun
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun\command - "" = E:\MI.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
  [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]
  [2011/01/19 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
  [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
• Click the Report tab, then click Scan.
• Check Drivers, Stealth, and uncheck the rest.
• Click OK.
• Wait until it's finished and then go to File > Save Report.
• Save the report to your Desktop.
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Extra Registry select Use Safe List
• Under Custom Scan paste this in
  

  
  netsvcs
  drivers32
  %appdata%\Local\Temp\DDM\*.* /s
  %PROGRAMFILES%\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %ALLUSERSPROFILE%\Start Menu\*.lnk /x
  %systemroot%\system32\config\systemprofile\*.dat /x
  %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
  %USERPROFILE%\Desktop\*.exe
  %PROGRAMFILES%\Common Files\*.*
  %PROGRAMFILES%\Internet Explorer\*.tmp
  %PROGRAMFILES%\Internet Explorer\*.dat
  %USERPROFILE%\My Documents\*.exe
  %USERPROFILE%\*.exe
  %ProgramFiles%\Microsoft Common\*.*
  %USERPROFILE%\Favorites\*.url /x
  dir /b "%systemroot%\system32\*.exe" | find /i " " /c
  dir /b "%systemroot%\*.exe" | find /i " " /c
  %USERPROFILE%\Cookies\*.txt /x
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
• You may need two posts to fit them both in.

NEXT:



How are things running?

[SweetTech]

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

From what I can see, you have a ton of toolbars installed on your computer. I'm going to suggest you remove them, and then will script out any leftover files from them in a fix that you will run a little later in this post.

Remove Program
We need to remove a program. To do this please do the following:

• Click Start
• Go to Control Panel
• Go to Add/Remove Programs
• Find and click Remove for the following (if present):
  
• PriceGong Toolbar
• RadioBar Toolbar
• Simppull Toolbar
• MyWebSearch
• Ask Toolbar

NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :Services
  :OTL
  O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
  O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
  O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
  O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
  O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
  O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
  O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
  O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
  O4 - HKLM..\Run: [RealTray] File not found
  O4 - HKCU..\Run: [MSE] File not found
  O4 - HKCU..\Run: [Search Protection] File not found
  O4 - HKCU..\Run: [Singlesnet] File not found
  O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = File not found
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
  O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - File not found
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell - "" = AutoRun
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell - "" = AutoRun
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\Shell\AutoRun\command - "" = E:\MI.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe /pdf_English
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe /pdf_French
  O33 - MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe /pdf_Spanish
  [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]
  [2011/01/19 16:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
  [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [1 C:\Documents and Settings\Matt M\My Documents\*.tmp files -> C:\Documents and Settings\Matt M\My Documents\*.tmp -> ]
  
  :Reg
  
  :Files
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  [emptytemp]
  [EMPTYFLASH]
  

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

• Double-click on RKUnhookerLE.exe to start the program.
  Vista/Windows 7 users right-click and select Run As Administrator.
• Click the Report tab, then click Scan.
• Check Drivers, Stealth, and uncheck the rest.
• Click OK.
• Wait until it's finished and then go to File > Save Report.
• Save the report to your Desktop.
• Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Under Extra Registry select Use Safe List
• Under Custom Scan paste this in
  

  
  netsvcs
  drivers32
  %appdata%\Local\Temp\DDM\*.* /s
  %PROGRAMFILES%\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %ALLUSERSPROFILE%\Start Menu\*.lnk /x
  %systemroot%\system32\config\systemprofile\*.dat /x
  %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
  %USERPROFILE%\Desktop\*.exe
  %PROGRAMFILES%\Common Files\*.*
  %PROGRAMFILES%\Internet Explorer\*.tmp
  %PROGRAMFILES%\Internet Explorer\*.dat
  %USERPROFILE%\My Documents\*.exe
  %USERPROFILE%\*.exe
  %ProgramFiles%\Microsoft Common\*.*
  %USERPROFILE%\Favorites\*.url /x
  dir /b "%systemroot%\system32\*.exe" | find /i " " /c
  dir /b "%systemroot%\*.exe" | find /i " " /c
  %USERPROFILE%\Cookies\*.txt /x
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
• You may need two posts to fit them both in.

NEXT:



How are things running?

[realapp]

Here is the report.


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ not found.
File C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ deleted successfully.
File C:\Program Files\RadioBar\toolbar.ni.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ deleted successfully.
File C:\Program Files\simppulltoolbar\simppulldx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
File C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5B291E6C-9A74-4034-971B-A4B007A0B315} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
File C:\Program Files\RadioBar\toolbar.ni.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{627af46b-2076-42ae-a2fd-8428734d3e74} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ not found.
File C:\Program Files\simppulltoolbar\simppulldx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5B291E6C-9A74-4034-971B-A4B007A0B315} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
File C:\Program Files\RadioBar\toolbar.ni.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RealTray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSE deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Singlesnet deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77df75e7-b1f3-11de-8dac-0018390db3e1}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{caf79603-9fb6-11de-8da6-0018390db3e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{caf79603-9fb6-11de-8da6-0018390db3e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{caf79603-9fb6-11de-8da6-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{caf79603-9fb6-11de-8da6-0018390db3e1}\ not found.
File E:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_English not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_French not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5d347d2-1447-11df-8dee-0018390db3e1}\ not found.
File E:\rcaeasyrip_setup.exe /pdf_Spanish not found.
C:\WINDOWS\System32\SET32E.tmp deleted successfully.
C:\WINDOWS\System32\SET33A.tmp deleted successfully.
C:\WINDOWS\System32\SET343.tmp deleted successfully.
C:\WINDOWS\System32\SET344.tmp deleted successfully.
C:\WINDOWS\System32\SET345.tmp deleted successfully.
C:\WINDOWS\System32\SET348.tmp deleted successfully.
C:\Documents and Settings\Matt M\My Documents\~WRL1358.tmp deleted successfully.
File C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matt M\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matt M\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: isaac
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 11278646 bytes
->Flash cache emptied: 79928 bytes

User: LocalService
->Temp folder emptied: 2012587 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matt M
->Temp folder emptied: 4155567 bytes
->Temporary Internet Files folder emptied: 28981778 bytes
->Java cache emptied: 34155127 bytes
->Flash cache emptied: 2543782 bytes

User: NetworkService
->Temp folder emptied: 1981932 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4955994 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13735032 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 99.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: isaac
->Flash cache emptied: 0 bytes

User: LocalService

User: Matt M
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.2 log created on 01212011_120548

Files\Folders moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
C:\Documents and Settings\Matt M\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
C:\Documents and Settings\Matt M\Local Settings\Temp\~DF8A80.tmp moved successfully.
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE30E.tmp not found!
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE35E.tmp not found!
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE419.tmp not found!
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE45F.tmp not found!
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE58A.tmp not found!
File\Folder C:\Documents and Settings\Matt M\Local Settings\Temp\~DFE5B5.tmp not found!
C:\Documents and Settings\Matt M\Local Settings\Temporary Internet Files\Content.IE5\IB99NH1H\page__p__1958054__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\Matt M\Local Settings\Temporary Internet Files\Content.IE5\D9V81HQU\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Matt M\Local Settings\Temporary Internet Files\Content.IE5\4S9EAAI2\like[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.
File\Folder C:\WINDOWS\temp\ZLT003c3.TMP not found!

Registry entries deleted on Reboot...

[SweetTech]

Please post the logs from the other 2 tools as well as an update on how things are running when you get a chance.

[realapp]

Rootkit scan:



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7324000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xBF05E000 C:\WINDOWS\System32\ialmdd5.DLL 765952 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF74A6000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 684032 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xEED32000 C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys 634880 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF728F000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xEEDCD000 C:\WINDOWS\System32\vsdatant.sys 589824 bytes (Check Point Software Technologies LTD, TrueVector Device Driver)
0xF71C9000 C:\WINDOWS\system32\drivers\smwdm.sys 581632 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF768D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEEBB3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7057000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEEEAB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEE1FA000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEDD4C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7808000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEE77E000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7660000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7763000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEEC23000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEEE83000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEEE5D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF726B000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xEDD8D000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF717D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF746E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF744B000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEED10000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEEC4E000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7743000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF77D8000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 126976 bytes (Intel Corporation, Component GHAL Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xEEB97000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xF7646000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF778F000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF77A8000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEEB57000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF77C0000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF771A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF70C6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEE6A1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEEA03000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xF7257000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7492000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEEF04000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7731000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xEDEC9000 C:\WINDOWS\system32\Drivers\EPLPDX02.SYS 69632 bytes (MK Systems CO., LTD., LPT I/O driver for EPSON PRINTER)
0xF77F7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF70B5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEE31A000 C:\Program Files\Free Ride Games\X4HSEx.Sys 69632 bytes (Exent Technologies Ltd., X4HSEx Kernel Mode Driver)
0xF759E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF79F7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7A27000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF79B7000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xF7A07000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEE91B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7AA7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF78B7000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7887000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7917000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A37000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7877000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF78F7000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78E7000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7A57000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7957000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7987000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7967000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7977000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF75CE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF79E7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7867000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7A47000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7947000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7A17000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xF7857000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A87000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7927000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF78D7000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78A7000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7937000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7A77000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7907000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF75AE000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF79A7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7A67000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF75DE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xED384000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7897000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF78C7000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF75EE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7C57000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm ForceField)
0xF7BDF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7BF7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B07000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7B17000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF7BAF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AEF000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF7C0F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B57000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7B3F000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7AD7000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B37000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7B0F000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7B1F000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7B27000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7C1F000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BCF000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xEEF17000 C:\WINDOWS\system32\NIOC.SYS 24576 bytes (D-Link Corporation, NIOC (NT5) Driver )
0xF7C37000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7C2F000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7BA7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7BC7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B2F000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7B9F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7AFF000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7AF7000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7BE7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7B8F000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7ADF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7B5F000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B6F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7AE7000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF7C5F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7BB7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7C6F000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF7C7F000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF7C87000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7C6B000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7C77000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF7C83000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF75FE000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7D3B000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEEA2B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7D0F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C73000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7C7B000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7C67000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEEF8B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7037000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7D17000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7D47000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7D27000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF71C1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D6D000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF7D5B000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7D91000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D81000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D65000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7D5D000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7DAB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D7D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D63000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D57000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D85000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D67000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7D89000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D73000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D5F000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7D77000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D61000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7D59000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7EF3000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7F92000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7F82000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7E1F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ACPIEC.SYS]
WARNING: Virus alike driver modification [CPQDAP01.SYS]
WARNING: Virus alike driver modification [NIKEDRV.SYS]
WARNING: Virus alike driver modification [RIO8DRV.SYS]
WARNING: Virus alike driver modification [RIODRV.SYS]
WARNING: Virus alike driver modification [WS2IFSL.SYS]
WARNING: Virus alike driver modification [FSVGA.SYS]
WARNING: Virus alike driver modification [NWLNKFLT.SYS]
WARNING: Virus alike driver modification [e100b325.sys]
WARNING: Virus alike driver modification [SMCLIB.SYS]
WARNING: Virus alike driver modification [NV4_MINI.SYS]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [TSBVCAP.SYS]
WARNING: Virus alike driver modification [CINEMST2.SYS]
WARNING: Virus alike driver modification [ATMEPVC.SYS]
WARNING: Virus alike driver modification [NWLNKFWD.SYS]
WARNING: Virus alike driver modification [IPFLTDRV.SYS]
WARNING: Virus alike driver modification [RAWWAN.SYS]
WARNING: Virus alike driver modification [ATMUNI.SYS]
WARNING: Virus alike driver modification [TOSDVD.SYS]
WARNING: Virus alike driver modification [NWLNKSPX.SYS]
WARNING: Virus alike driver modification [VDMINDVD.SYS]
WARNING: Virus alike driver modification [DMLOAD.SYS]
WARNING: Virus alike driver modification [ROOTMDM.SYS]
WARNING: Virus alike driver modification [NWLNKNB.SYS]
WARNING: Virus alike driver modification [PARVDM.SYS]
WARNING: Virus alike driver modification [MCD.SYS]

[realapp]

otl scan


OTL logfile created on: 1/21/2011 7:26:09 PM - Run 2
OTL by OldTimer - Version 3.2.20.3 Folder = C:\Documents and Settings\Matt M\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 489.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 46.99 Gb Free Space | 66.24% Space Free | Partition Type: NTFS
Drive D: | 447.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MATT | User Name: Matt M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt M\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
PRC - C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\WIN2000\Guru.exe (a la mode, inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\D-Link\Air USB Utility\AirCFG.exe (D-Link)
PRC - C:\Program Files\WZCBDL Service\WZCBDLS.exe (D-Link)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\EBRR.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\SYSTEM32\E_S00RP2.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt M\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WSWNDA3100) -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (WZCBDLService) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe (D-Link)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV2_02) EPSON V3 Service2(02) -- C:\WINDOWS\SYSTEM32\E_S00RP2.EXE (SEIKO EPSON CORPORATION)
SRV - (StatusAgent) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgentNT.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.sys (Exent Technologies Ltd.)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (vsdatant) -- C:\WINDOWS\SYSTEM32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (BCMH43XX) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (NPF) -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys (CACE Technologies)
DRV - (ActionReplayDS) -- C:\WINDOWS\SYSTEM32\DRIVERS\ActionReplayDS.sys (Thesycon GmbH, Germany)
DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS (NVIDIA Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (PRISM_USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (NIOC) -- C:\WINDOWS\SYSTEM32\NIOC.sys (D-Link Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Eplpdx02) -- C:\WINDOWS\SYSTEM32\DRIVERS\EPLPDX02.SYS (MK Systems CO., LTD.)
DRV - (USBIO) USBIO Driver (usbio.sys) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbio.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/01/10 16:10:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

[2009/06/16 20:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt M\Application Data\Mozilla\Extensions
[2009/06/16 20:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt M\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/01/21 12:06:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WinTOTAL Scheduler] C:\WIN2000\Guru.exe (a la mode, inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\Matt M\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://etrade.webex...nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/02/06 10:04:52 | 000,000,051 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2003/08/18 05:29:46 | 000,270,336 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60812205720862720)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/21 12:05:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/21 12:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt M\Application Data\simppulltoolbar
[2011/01/19 16:04:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
[2011/01/11 18:06:11 | 000,000,000 | ---D | C] -- C:\.yanillescapeclientv3_file_store_32
[2004/12/16 09:33:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\alaLIB.dll
[2004/07/28 11:46:06 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoLicense.dll
[2002/07/16 17:12:58 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\AutoPAX.dll
[2002/04/29 11:04:40 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

[2011/01/21 19:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
[2011/01/21 19:09:59 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\RKUnhookerLE.EXE
[2011/01/21 19:00:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2011/01/21 15:31:52 | 000,000,558 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for isaac.job
[2011/01/21 12:14:42 | 000,003,523 | ---- | M] () -- C:\WINDOWS\ALAMODE.INI
[2011/01/21 12:11:11 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-749379181-2625633795-2857781431-1006.job
[2011/01/21 12:10:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/01/21 12:10:00 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/21 12:06:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/01/20 11:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/19 14:31:50 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Matt M\jagex_runescape_preferences.dat
[2011/01/19 11:08:20 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/18 16:59:52 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Matt M\jagex_runescape_preferences2.dat
[2011/01/17 21:01:49 | 000,004,785 | ---- | M] () -- C:\Documents and Settings\Matt M\Application Data\Cabos.plist
[2011/01/16 11:59:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-749379181-2625633795-2857781431-1006.job
[2011/01/04 17:41:51 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\Shortcut to Kindle (E).lnk
[2010/12/30 11:12:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

========== Files Created - No Company Name ==========

[2011/01/21 19:09:59 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Matt M\Desktop\RKUnhookerLE.EXE
[2011/01/21 12:00:14 | 000,000,085 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\toolbar_log.txt
[2011/01/04 17:41:51 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\Matt M\Desktop\Shortcut to Kindle (E).lnk
[2010/12/12 22:25:19 | 000,004,785 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\Cabos.plist
[2010/08/01 19:44:59 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/21 16:07:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Matt M\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/25 19:55:15 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/13 14:19:07 | 000,000,162 | ---- | C] () -- C:\WINDOWS\VeggieMysteryIsland.ini
[2009/03/13 10:38:28 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/03/12 07:52:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/03/07 18:02:22 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/01/01 11:35:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/05/04 08:51:00 | 000,000,880 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/03 17:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/05/11 14:25:32 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\alaMapi.dll
[2004/12/02 18:05:53 | 000,000,115 | ---- | C] () -- C:\WINDOWS\DDETEST.ini
[2004/12/01 16:06:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\PFP120JPR.{PB
[2004/12/01 16:06:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Matt M\Application Data\PFP120JCM.{PB
[2004/11/09 17:03:44 | 000,003,523 | ---- | C] () -- C:\WINDOWS\ALAMODE.INI
[2004/10/31 11:56:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/10/31 11:29:53 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPSC80.ini
[2004/10/27 16:16:54 | 000,000,035 | ---- | C] () -- C:\WINDOWS\mercury.ini
[2004/10/12 23:49:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/12 23:41:34 | 000,000,859 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/10/12 23:19:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/13 16:03:12 | 001,159,168 | ---- | C] () -- C:\WINDOWS\System32\alaMFC2.dll
[2004/08/11 08:07:00 | 000,003,522 | ---- | C] () -- C:\WINDOWS\TECHHELP.INI
[2004/08/10 12:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/06/17 10:43:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ala32.dll
[2003/12/11 17:05:40 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\AXF_AXS.dll
[2002/07/16 17:15:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\PAXMeta.dll
[2002/06/09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
[2002/04/29 11:05:00 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\Postiex.dll
[2002/04/29 11:04:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P2kDesk.dll
[2002/04/29 11:04:41 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFfpx7.dll
[2002/04/29 11:04:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKodak.dll
[2002/04/29 11:04:28 | 000,204,864 | ---- | C] () -- C:\WINDOWS\System32\AtxWrap.dll
[2002/04/29 11:04:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\alaIE.dll
[2002/01/30 08:03:00 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\TX32.dll
[2001/06/27 01:24:00 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[1999/09/15 14:03:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DP2kFrms.dll
[1999/08/17 08:50:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\DeskSkt.dll
[1979/12/31 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2010/08/18 22:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F12D
[2010/05/15 17:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3b21bae
[2009/06/19 18:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/12/09 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/12/09 19:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/01/01 15:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/12/09 19:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2011/01/19 08:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/09 20:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/01/01 20:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/03/09 18:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/06/16 21:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/03 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Auslogics
[2009/06/19 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Azureus
[2011/01/17 21:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Cabos
[2009/12/03 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\CheckPoint
[2010/03/06 14:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Facebook
[2004/10/27 16:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Leadertech
[2007/04/06 09:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Musicmatch
[2010/03/19 07:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\RadioBar
[2010/11/24 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Registry Mechanic
[2011/01/21 12:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\simppulltoolbar
[2009/12/19 14:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt M\Application Data\Singlesnet
[2004/10/18 21:26:35 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2011/01/21 19:00:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job

========== Purity Check ==========



========== Custom Scans ==========


< %appdata%\Local\Temp\DDM\*.* /s >

< %PROGRAMFILES%\*.* >

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/12/03 10:37:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/03 12:16:06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Matt M\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 12:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Matt M\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2007/03/21 14:37:14 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Matt M\Desktop\ATF-Cleaner.exe
[2009/02/03 09:27:36 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Matt M\Desktop\HJTInstall.exe
[2009/12/02 17:26:25 | 016,832,288 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Matt M\Desktop\jre-6u17-windows-i586-s.exe
[2011/01/21 19:21:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt M\Desktop\OTL.exe
[2011/01/21 19:09:59 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\RKUnhookerLE.EXE
[2006/07/25 08:54:30 | 002,585,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Matt M\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2005/01/13 15:49:07 | 000,823,296 | ---- | M] (Frontcode Technologies) -- C:\Documents and Settings\Matt M\Desktop\winmx353.exe
[2009/01/01 20:09:37 | 014,665,056 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\winzip120.exe
[2005/01/13 17:42:29 | 000,901,984 | ---- | M] () -- C:\Documents and Settings\Matt M\Desktop\wpsetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/11/30 14:38:15 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\Matt M\My Documents\avira_antivir_personal_en.exe
[2008/04/17 21:13:02 | 000,811,008 | ---- | M] () -- C:\Documents and Settings\Matt M\My Documents\gmer.exe

< %USERPROFILE%\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %USERPROFILE%\Favorites\*.url /x >
[2009/12/03 12:16:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Matt M\Favorites\Desktop.ini

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/21 19:23:48 | 000,114,688 | -HS- | M] () -- C:\Documents and Settings\Matt M\Cookies\index.dat

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-12 18:08:14

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Edited by realapp, 21 January 2011 - 07:39 PM.

[realapp]

OTL extras



OTL Extras logfile created on: 1/19/2011 4:07:08 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Matt M\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 47.76 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive D: | 447.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 37.24 Gb Total Space | 12.29 Gb Free Space | 33.01% Space Free | Partition Type: NTFS

Computer Name: MATT | User Name: Matt M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application -- (Jasc Software)
"C:\WIN2000\WinTOTAL.exe" = C:\WIN2000\WinTOTAL.exe:*:Enabled:WinTOTAL -- ()
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\WinMX\WinMX.exe" = C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition -- (SUPERAntiSpyware.com)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{508BFA95-545E-42A2-8C9D-E531C53C9B79}" = inTuneMP3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F986C21-5D52-49EA-BAE6-23529040A2DC}" = ASPCA Reminder V7F+AU by We-Care.com
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"7-Zip" = 7-Zip 4.63
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arthur's Kindergarten" = Arthur's Kindergarten
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Busytown" = Busytown Uninstall
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"EPSON Printer and Utilities" = EPSON Printer Software
"exent_466550" = The Treasures of Montezuma
"exent_605350" = Magic Encyclopedia
"exent_629350" = Virtual Villagers 2: The Lost Children
"Hidden Mysteries Buckingham Palace" = Hidden Mysteries Buckingham Palace
"Hidden Mysteries Civil War" = Hidden Mysteries Civil War
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NSS" = Norton Security Scan
"PDF-XChange 3_is1" = PDF-XChange 3.0
"PriceGong" = PriceGong 2.1.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"RadioBar" = RadioBar Toolbar
"Revo Uninstaller" = Revo Uninstaller 1.83
"Rrr132.exe" = Reader Rabbit's Reading 1
"Scholastic's I SPY Spooky Mansion Deluxe" = Scholastic's I SPY Spooky Mansion Deluxe
"simppulltoolbar" = Simppull Toolbar (Remove Toolbar Only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"ULTIMATER" = Microsoft Office Ultimate 2007
"VeggieMysteryIslandDKey" = The Mystery of Veggie Island
"VISPROR" = Microsoft Office Visio Professional 2007
"WhoCrashed_is1" = WhoCrashed 1.01
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2010 12:37:22 AM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 12:37:23 AM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 12:37:24 AM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 12:38:22 AM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 8:45:40 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/26/2010 8:46:16 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 6:46:39 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2010 6:48:17 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2010 2:24:45 PM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2011 10:09:06 AM | Computer Name = MATT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/19/2011 5:52:56 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:56 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:57 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/19/2011 5:52:58 PM | Computer Name = MATT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

[SweetTech]

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  
  Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  
• Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

[realapp]

ComboFix 11-01-22.03 - Matt M 01/23/2011 15:14:26.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.510 [GMT -6:00]
Running from: c:\documents and settings\Matt M\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\isaac\Application Data\PriceGong
c:\documents and settings\isaac\Application Data\PriceGong\Data\1.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\a.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\b.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\c.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\d.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\e.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\f.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\g.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\h.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\i.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\J.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\k.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\l.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\m.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\n.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\o.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\p.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\q.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\r.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\s.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\t.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\u.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\v.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\w.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\x.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\y.xml
c:\documents and settings\isaac\Application Data\PriceGong\Data\z.xml
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-21 18:05 . 2011-01-21 18:05 -------- d-----w- C:\_OTL
2011-01-21 18:01 . 2011-01-21 18:01 -------- d-----w- c:\documents and settings\Matt M\Application Data\simppulltoolbar
2011-01-12 00:06 . 2011-01-12 00:08 -------- d-----w- C:\.yanillescapeclientv3_file_store_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-04 10:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 10:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 10:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-11-09 16:21 371320 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinTOTAL Scheduler"="c:\win2000\guru.exe" [2005-04-11 622592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-02 2403568]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"D-Link Air USB Utility"="c:\program files\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-11-03 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [2004-10-31 135680]
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-8-1 3272704]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-03 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-03 18:25 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\WIN2000\\WinTOTAL.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\WMPLAYER.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 12:53 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/3/2009 6:30 PM 108289]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 7:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 7:30 AM 476528]
R2 NIOC;NIOC Service;c:\windows\SYSTEM32\NIOC.sys [9/27/2002 5:21 PM 22912]
R2 WZCBDLService;WZCBDL Service;c:\program files\WZCBDL Service\WZCBDLS.exe [3/19/2002 11:15 AM 36864]
R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [12/9/2010 7:41 PM 56352]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\SYSTEM32\DRIVERS\bcmwlhigh5.sys [8/1/2010 7:45 PM 632576]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [8/1/2010 7:44 PM 278528]
S3 ActionReplayDS;ActionReplayDS;c:\windows\SYSTEM32\DRIVERS\ActionReplayDS.sys [1/16/2010 8:18 PM 29184]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\SYSTEM32\DRIVERS\PRISMUSB.sys [10/22/2004 2:59 PM 636502]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 12872]
.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2004-10-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]

2011-01-23 c:\windows\Tasks\Norton Security Scan for isaac.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-19 11:32]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 15:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,49,91,ad,d7,59,12,42,92,a2,21,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,49,91,ad,d7,59,12,42,92,a2,21,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(900)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\EPSON\EBAPI\SAgentNT.exe
c:\program files\Common Files\EPSON\EBAPI\EBRR.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgmain.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2011-01-23 15:45:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-23 21:45

Pre-Run: 44,831,444,992 bytes free
Post-Run: 44,827,111,424 bytes free

- - End Of File - - 7132C07E23DCC5886AB52C65AD0D6153




Computer is running better, althought when I tried to paste this info I got directed to another website as soon as I hit paste and had to do it again.

Edited by realapp, 23 January 2011 - 04:47 PM.

[SweetTech]

Hello,

How are you doing today?

Lets see what this scan below finds.

Running TDSSKiller

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:



If your still experiencing redirects after running the above tool please proceed with resetting your router. If your not experiencing redirects anymore, please do not follow these instructions. Instead post the TDSSKiller log for me to review.


Router Reset

• Please read this: Malware Silently Alters Wireless Router Settings
  
  
• Consult this link to find out what is the default username and password of your router and note down them: Route Passwords
  
  
• Then rest your router to it's factory default settings:
  
  

  "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)"

  
  
• This is the difficult part.
  First get to the routers server. To do that type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
  Fill in the password you have already found and you will get the configuration page.
  Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
  You can also call your ISP if you don't have your initial password.
  Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.
  
  
• Please make sure of the following settings:
  
• Go to Start -> Control Panel -> Double click on Network Connections.
• Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  
• Select the General tab.
• Double click on Internet Protocol (TCP/IP).
  
• Under General tab:
  
• Select "Obtain an IP address automatically".
• Select "Obtain DNS server address automatically".

[*]Click OK twice to save the settings.
[*]Reboot if you had to change any setting.[/list][/list]

NEXT:



Flush the DNS cache

• Click the Start logo in the bottom left corner of the screen
• Click on Run
• In the command window copy/paste the following

ipconfig /flushdns

• then hit enter
• Exit the command window.

After that, Reboot

[realapp]

2011/01/25 17:12:49.0796 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/25 17:12:49.0796 ================================================================================
2011/01/25 17:12:49.0796 SystemInfo:
2011/01/25 17:12:49.0796
2011/01/25 17:12:49.0796 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/25 17:12:49.0796 Product type: Workstation
2011/01/25 17:12:49.0796 ComputerName: MATT
2011/01/25 17:12:49.0796 UserName: Matt M
2011/01/25 17:12:49.0796 Windows directory: C:\WINDOWS
2011/01/25 17:12:49.0796 System windows directory: C:\WINDOWS
2011/01/25 17:12:49.0796 Processor architecture: Intel x86
2011/01/25 17:12:49.0796 Number of processors: 1
2011/01/25 17:12:49.0796 Page size: 0x1000
2011/01/25 17:12:49.0796 Boot type: Normal boot
2011/01/25 17:12:49.0796 ================================================================================
2011/01/25 17:12:50.0015 Initialize success

[SweetTech]

Have you tried resetting your router to see if that fixes the issue you are experiencing with the redirects?

[realapp]

have just tried to get on a couple times and don't seem to be having redirects, but just slow.

Edited by realapp, 25 January 2011 - 05:58 PM.

[SweetTech]

Hello realapp,

Glad to hear the redirects have stopped. I am going to have you update a few programs in this post, and run a few additional scans to ensure that nothing else is hiding.

Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

• Go to Start > Control Panel > Add/Remove Programs
• Remove ALL instances of Adobe Reader
• Re-boot your computer as required.
• Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
• Look for "Java Platform, Standard Edition".
• Click the "Download JRE" button to the right.
• Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
• Select your Language: "Multi-language".
• Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
• Click Continue and the page will refresh.
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
• Click Ok and reboot your computer.

NEXT



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
• Select the Update tab
• Click Check for Updates
• After the update have been completed, Select the Scanner tab.
• Select Perform quick scan, then click on Scan
• Leave the default options as it is and click on Start Scan
• When done, you will be prompted. Click OK, then click on Show Results
• Checked (ticked) all items and click on Remove Selected
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

NEXT:



Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

[realapp]

For some reason I can't uninstall Adobe reader. It says cannot open key. And then it says fatal error.
Also, I have other Adobe programs such as shockwave flashplayer, Air installed. Should I remove those?