Google redirect pest won't go away!


#1 Putt4Dough (Member, 120 posts)

Hello,

I have tried all the procedures here to get rid of this Google redirect pest and it won't go away. Here is my OTL log:

Best regards,

OTL logfile created on: 2011-04-08 09:40:14 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 204,00 Mb Available Physical Memory | 41,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 219,20 Gb Free Space | 94,13% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANBERUBE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2011-04-07 03:58:47 | 001,192,240 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-04-07 03:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-12-17 12:52:21 | 000,110,592 | ---- | M] () -- C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
PRC - [2010-12-17 12:52:19 | 000,499,716 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
PRC - [2010-11-09 09:30:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
PRC - [2010-07-06 11:06:20 | 005,279,016 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010-07-06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009-09-04 21:12:58 | 000,247,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
PRC - [2009-04-15 22:38:34 | 000,070,944 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
PRC - [2009-01-14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-04-14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2010-11-09 09:30:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-07-06 11:06:20 | 000,107,816 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll
MOD - [2008-04-14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2011-04-07 03:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-12-17 12:52:19 | 000,499,716 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2010-07-06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-09-04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2009-09-04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2009-07-15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009-07-06 15:19:04 | 000,345,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009-01-14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008-01-15 10:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007-02-12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\npmxy.sys -- (xusvr)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Safe Returner\RegKernelHelp.sys -- (RegKernelHelp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011-02-04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-12-03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-10-20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2010-10-20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010-10-20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010-07-19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010-07-19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010-07-19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009-07-15 18:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008-12-12 11:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008-04-14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-02-12 13:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-02-12 13:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-02-12 13:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006-12-02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006-11-03 10:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-01 08:59:40 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006-11-01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006-11-01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006-11-01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006-11-01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006-11-01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006-11-01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006-11-01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006-10-25 08:22:22 | 000,099,816 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006-09-15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006-09-15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006-09-15 09:42:52 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006-06-29 07:53:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh....ar.html?src=ssb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...fr-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 55 E9 7E 96 90 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011-04-08 09:26:44 | 000,000,635 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BroadWave] C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe (NCH Software)
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TeamViewer 5.lnk = C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 142.217.192.9
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-30 11:20:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011-04-08 08:53:27 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011-04-08 08:53:27 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011-04-08 08:53:26 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011-04-08 08:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2011-04-08 08:52:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011-04-08 08:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-04-08 07:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New folder
[2011-04-07 16:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011-04-07 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011-04-07 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-04-07 15:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-04-07 10:34:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-26 13:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ErrorTeck
[2011-03-26 13:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011-03-26 13:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2011-03-26 13:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011-03-26 09:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-03-16 12:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011-02-26 11:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gHnLfIb01805
[2011-02-20 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011-02-03 17:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011-02-03 17:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011-02-03 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011-02-03 17:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

========== Files - Modified Within 90 Days ==========

[2011-04-08 09:39:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
[2011-04-08 09:28:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-04-08 09:26:44 | 000,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-08 08:52:42 | 000,451,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-08 08:52:41 | 000,074,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-08 08:52:40 | 000,522,062 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011-04-08 08:11:42 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-04-08 08:11:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-08 08:11:13 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-04-08 08:11:11 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\Krscva.job
[2011-04-08 08:11:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011-04-08 08:11:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-08 08:10:16 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2011-04-08 08:10:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2011-04-08 08:08:42 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011-04-08 07:58:40 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
[2011-04-07 14:42:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011-04-07 10:34:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011-04-07 10:06:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-04-07 09:36:06 | 000,011,966 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\olralxi5ci8w
[2011-04-07 09:36:05 | 000,011,966 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w
[2011-03-31 09:40:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2011-03-29 14:08:09 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011-03-25 09:37:11 | 000,015,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Brochure[1].docx
[2011-03-22 09:00:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-03-17 03:02:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-16 14:08:55 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TempoPerfect Metronome Software.lnk
[2011-03-16 12:29:11 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2011-02-10 04:18:08 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-09 09:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2011-02-09 09:53:52 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011-02-09 09:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll
[2011-02-09 09:53:52 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011-02-08 08:55:21 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe

========== Files Created - No Company Name ==========

[2011-04-08 08:08:32 | 000,000,021 | ---- | C] () -- C:\tmuninst.ini
[2011-04-07 14:42:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011-04-07 10:33:24 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TeamViewer 5.lnk
[2011-04-06 16:45:42 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olralxi5ci8w
[2011-04-06 16:45:42 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w
[2011-03-25 09:40:08 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2011-03-25 09:37:11 | 000,015,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Brochure[1].docx
[2011-03-16 14:09:39 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011-03-16 14:08:55 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TempoPerfect Metronome Software.lnk
[2011-03-16 12:29:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2011-02-03 17:23:56 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-03 17:23:55 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-10-12 12:16:43 | 000,098,816 | RHS- | C] () -- C:\WINDOWS\System32\kbdsfa.dll
[2010-08-15 10:03:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-08 09:27:57 | 000,000,013 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2010-06-08 08:57:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010-06-08 08:57:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-05-15 16:54:35 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Smiley.ico
[2010-03-30 12:54:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2007-01-17 13:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-12-13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006-12-13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2011-03-26 13:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011-03-26 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ErrorTeck
[2010-03-30 15:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2010-05-15 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2011-03-16 14:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2011-03-26 13:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2011-04-06 16:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011-04-07 15:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010-12-03 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2B134
[2010-11-27 14:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\392FD
[2011-03-16 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gHnLfIb01805
[2010-08-14 15:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011-03-26 09:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-03-16 14:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011-03-26 13:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011-04-07 16:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2010-12-13 16:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-12-13 17:45:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010-12-13 16:16:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A3570649-72CF-4FA2-A237-74A7EE92053E}
[2010-12-04 12:40:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2011-04-08 08:11:42 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-03-31 09:40:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\doxillionShakeIcon.job
[2010-12-16 15:33:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2010-12-09 15:34:02 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2011-04-08 08:11:11 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Krscva.job
[2010-12-09 16:13:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011-03-29 14:08:09 | 000,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\tempoperfectShakeIcon.job
[2011-04-08 07:58:40 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
[2011-04-08 09:39:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
[2010-12-16 15:33:10 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

#2 RKinner (Malware Expert, MVP, 24,624 posts)

Copy the text in the code box by highlighting it and pressing Ctrl + C.


:Services
xusvr
RegKernelHelp
igfx
catchme

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh....ar.html?src=ssb
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files\Elf_1.13\prxtbElf0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Program Files\Elf_1.15\prxtbElf0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
[2011-04-06 16:45:42 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olralxi5ci8w
[2011-04-06 16:45:42 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w
[2011-03-16 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gHnLfIb01805
[2011-04-08 08:11:11 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Krscva.job
[2010-10-12 12:16:43 | 000,098,816 | RHS- | C] () -- C:\WINDOWS\System32\kbdsfa.dll

:Files
C:\Documents and Settings\All Users\Application Data\gHnLfIb01805
C:\Documents and Settings\All Users\Application Data\olralxi5ci8w
C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w
     
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
Important: If you have a previous version of Malwarebytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


ComboFix
Important: If you have a previous version of Combofix.exe, delete it and download a fresh copy.

Important: It must be saved to your desktop; do not run it from the download location.

Important: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download this file to your Desktop from either of these two sources and rename it (call it george.exe):
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click george.exe to start the program.



Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your Browser.


A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and run it.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste its contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.





Are you still getting redirects?

Ron
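The fix script in the post above is assembled by reading the OTL listing for the same few signals on each line: Hidden+System attributes on a scheduled task or a System32 DLL, a binary with no company name in a Windows directory, random-looking folder names under Application Data, Run entries whose target no longer exists, BHO/toolbar registrations with no CLSID behind them, and MountPoints2 autorun hooks. The script below is an added example (not code from OTL, from this thread or from its helper) that parses the two line shapes OTL emits, applies those heuristics, and renders the result in the :OTL / :Files / :Commands layout of an OTL fix. The heuristics and the name-length threshold are this example's own assumptions, and SAMPLE_LOG is constructed from lines quoted in the thread; an analyst still reviews every flagged item before running a fix.

```python
"""Triage helper for OTL (OldTimer) scan logs.

Added example for this thread, not code from OTL or from the forum helper.
It parses the two line shapes OTL emits (file listings and numbered O-hook
lines), applies the heuristics a removal helper applies by eye, and emits the
flagged items as an OTL fix script. SAMPLE_LOG is constructed from the thread.
"""
import re
from dataclasses import dataclass, field

# "[date time | size | attrs | M|C] (Company) -- path"; directories carry no "(Company)".
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe File not found"
OLINE_RE = re.compile(r"^(?P<tag>O\d+) - (?P<rest>.+)$")

PE_EXT = (".dll", ".exe", ".sys", ".ocx")

# Constructed from lines quoted in the thread (assumption: representative OTL output).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O4 - HKLM..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O33 - MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
[2011-04-06 16:45:42 | 000,011,966 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\olralxi5ci8w
[2011-03-16 11:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gHnLfIb01805
[2011-04-08 08:11:11 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\Tasks\Krscva.job
[2011-04-08 07:58:40 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
[2010-10-12 12:16:43 | 000,098,816 | RHS- | C] () -- C:\WINDOWS\System32\kbdsfa.dll
[2011-04-08 08:53:27 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011-04-08 08:52:42 | 000,451,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
"""


@dataclass
class Finding:
    line: str                      # the OTL log line, verbatim (pasteable into a fix)
    path: str                      # file path, or the O-line body for hook entries
    reasons: list = field(default_factory=list)


def random_looking(name: str) -> bool:
    """Crude entropy proxy: 10+ letters/digits, both kinds present, no separators.
    The threshold of 10 (an assumption) keeps 8-char system files such as perfh009.dat out."""
    stem = name.rsplit(".", 1)[0]
    return (len(stem) >= 10 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def score_file(m) -> list:
    attrs, path = m["attrs"], m["path"]
    company = (m["company"] or "").strip()
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if "H" in attrs and "S" in attrs:          # Hidden+System keeps the file out of Explorer
        reasons.append("hidden+system attributes")
    if (not company and path.lower().startswith("c:\\windows\\")
            and path.lower().endswith(PE_EXT)):  # binary with no vendor string in a system dir
        reasons.append("no company name in a Windows directory")
    if random_looking(name):
        reasons.append("random-looking name")
    return reasons


def score_oline(tag: str, rest: str) -> list:
    reasons = []
    if tag == "O4" and rest.endswith("File not found"):
        reasons.append("dead autostart entry")
    if tag in ("O2", "O3") and "No CLSID value found" in rest:
        reasons.append("orphaned BHO/toolbar registration")
    if tag == "O33" and "MountPoints2" in rest:
        reasons.append("removable-media autorun hook")
    if tag == "O16" and "Reg Error" in rest:
        reasons.append("broken ActiveX download entry")
    return reasons


def triage(log: str) -> list:
    """Return one Finding per log line that trips at least one heuristic, in log order."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := FILE_RE.match(line):
            if reasons := score_file(m):
                findings.append(Finding(line, m["path"], reasons))
        elif m := OLINE_RE.match(line):
            if reasons := score_oline(m["tag"], m["rest"]):
                findings.append(Finding(line, m["rest"], reasons))
    return findings


def build_fix(findings: list) -> str:
    """Render an OTL fix: hook lines verbatim under :OTL, file paths under :Files."""
    otl = [f.line for f in findings if OLINE_RE.match(f.line)]
    files = [f.path for f in findings if FILE_RE.match(f.line)]
    return "\n".join([":OTL", *otl, "", ":Files", *files, "",
                      ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}  <- {', '.join(f.reasons)}")
    print()
    print(build_fix(triage(SAMPLE_LOG)))
```

Running it prints each flagged item with the reason it tripped, then the generated fix. The hidden-only IE feed-synchronization task and the Trend Micro driver (which carries a company name) are deliberately left out, which is the same check a helper makes before a line goes into a fix: attributes and a missing vendor string are only a lead, and a name like Krscva.job earns its place because Hidden+System on a scheduled task has no legitimate reason on a home PC.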

#3 Putt4Dough (Topic Starter, Member)
Hello and thanks for this. It’s much appreciated.

I was unable to retrieve the first log after running OTL with your script. The user rebooted the PC while I was not there. This is the only log I found in regards to the time I ran the script.

As for your last question, redirects are gone. Google works fine now. TY.

All processes killed
========== SERVICES/DRIVERS ==========
Service xusvr stopped successfully!
Service xusvr deleted successfully!
Service RegKernelHelp stopped successfully!
Service RegKernelHelp deleted successfully!
Service igfx stopped successfully!
Service igfx deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b80f591e-fe9a-46cf-a13e-180377240586}\ deleted successfully.
C:\Program Files\Elf_1.13\prxtbElf0.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ deleted successfully.
C:\Program Files\Elf_1.15\prxtbElf0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b80f591e-fe9a-46cf-a13e-180377240586}\ not found.
File C:\Program Files\Elf_1.13\prxtbElf0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ not found.
File C:\Program Files\Elf_1.15\prxtbElf0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b80f591e-fe9a-46cf-a13e-180377240586} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b80f591e-fe9a-46cf-a13e-180377240586}\ not found.
File C:\Program Files\Elf_1.13\prxtbElf0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}\ not found.
File C:\Program Files\Elf_1.15\prxtbElf0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B80F591E-FE9A-46CF-A13E-180377240586} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B80F591E-FE9A-46CF-A13E-180377240586}\ not found.
File C:\Program Files\Elf_1.13\prxtbElf0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}\ not found.
File C:\Program Files\Elf_1.15\prxtbElf0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ErrorTeck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
File E:\rcaeasyrip_setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a00b3b6-6061-11df-bdd1-001921507246}\ not found.
File E:\rcaeasyrip_setup.exe not found.
C:\Documents and Settings\All Users\Application Data\olralxi5ci8w moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\gHnLfIb01805\ not found.
C:\WINDOWS\Tasks\Krscva.job moved successfully.
C:\WINDOWS\system32\kbdsfa.dll moved successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\gHnLfIb01805 folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\olralxi5ci8w not found.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\olralxi5ci8w not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 14487136 bytes
->Temporary Internet Files folder emptied: 5800341 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 615 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: JHBerube

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 17298746 bytes

Total Files Cleaned = 36,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 04092011_074935

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 2011-04-09 13:46:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 219,22 Gb Free Space | 94,14% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JEANBERUBE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-04-09 13:43:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
PRC - [2011-04-07 03:58:47 | 001,192,240 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-04-07 03:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-12-17 12:52:21 | 000,110,592 | ---- | M] () -- C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
PRC - [2010-12-17 12:52:19 | 000,499,716 | ---- | M] (NCH Software) -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
PRC - [2010-07-06 11:06:20 | 005,279,016 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010-07-06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009-09-04 21:12:58 | 000,247,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
PRC - [2009-04-15 22:38:34 | 000,070,944 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
PRC - [2008-04-14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2011-04-09 13:43:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Tools\OTL.exe
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010-07-06 11:06:20 | 000,107,816 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011-04-07 03:58:39 | 001,753,048 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-12-17 12:52:19 | 000,499,716 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2010-07-06 11:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-09-04 21:14:34 | 001,304,528 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2009-09-04 21:12:28 | 001,389,864 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2009-07-15 18:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2009-07-06 15:19:04 | 000,345,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008-01-15 10:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007-02-12 13:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011-02-04 10:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010-12-03 05:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-10-20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2010-10-20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010-10-20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2010-07-19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010-07-19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010-07-19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009-07-15 18:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2007-02-12 13:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-02-12 13:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-02-12 13:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006-12-02 12:19:30 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006-11-03 10:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-01 08:59:40 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006-11-01 08:59:10 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006-11-01 08:59:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006-11-01 08:59:08 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006-11-01 08:59:06 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006-11-01 08:59:04 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006-11-01 08:59:02 | 000,104,760 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006-11-01 08:59:02 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006-09-15 09:45:24 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006-09-15 09:45:22 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006-06-29 07:53:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...fr-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 55 E9 7E 96 90 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2011-04-08 09:26:44 | 000,000,635 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [BroadWave] C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe (NCH Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TeamViewer 5.lnk = C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: //@install.mar@/ ([]msni in My Computer)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msni in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.217.192.8 142.217.192.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-30 11:20:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-04-08 08:53:27 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2011-04-08 08:53:27 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2011-04-08 08:53:26 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011-04-08 08:52:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2011-04-08 08:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trend Micro OfficeScan Client
[2011-04-08 08:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-04-08 07:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New folder
[2011-04-07 16:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeReturner
[2011-04-07 16:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Returner
[2011-04-07 16:12:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-04-07 16:12:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-04-07 16:12:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-04-07 15:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011-04-07 15:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011-04-07 10:34:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-03-26 13:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ErrorTeck
[2011-03-26 13:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2011-03-26 13:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2011-03-26 13:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011-03-26 09:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011-03-16 12:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software

========== Files - Modified Within 30 Days ==========

[2011-04-09 13:49:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
[2011-04-09 13:28:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-04-09 10:59:57 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
[2011-04-09 09:16:52 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-04-09 09:16:51 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-04-09 09:16:30 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-04-09 09:16:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-04-08 09:26:44 | 000,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-04-08 08:52:42 | 000,451,678 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-04-08 08:52:41 | 000,074,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-04-08 08:08:42 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2011-04-07 14:42:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011-04-07 10:34:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011-04-07 10:06:09 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-31 09:40:02 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2011-03-29 14:08:09 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011-03-22 09:00:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011-03-17 03:02:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-16 14:08:55 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TempoPerfect Metronome Software.lnk
[2011-03-16 12:29:11 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk

========== Files Created - No Company Name ==========

[2011-04-08 08:08:32 | 000,000,021 | ---- | C] () -- C:\tmuninst.ini
[2011-04-07 14:42:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2011-04-07 10:33:24 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\TeamViewer 5.lnk
[2011-03-25 09:40:08 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\doxillionShakeIcon.job
[2011-03-16 14:09:39 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\tempoperfectShakeIcon.job
[2011-03-16 14:08:55 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TempoPerfect Metronome Software.lnk
[2011-03-16 14:08:54 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TempoPerfect Metronome Software.lnk
[2011-03-16 12:29:11 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Doxillion Document Converter.lnk
[2011-03-16 12:29:11 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Doxillion Document Converter.lnk
[2010-12-13 18:46:38 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-08-15 10:03:40 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-19 11:21:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ljuyogovitogolo.bin
[2010-07-19 11:21:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lfuvoxiredoxi.dat
[2010-06-08 08:57:39 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010-06-08 08:57:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010-03-30 12:54:36 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2010-03-30 12:54:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2010-03-30 12:00:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-03-30 11:23:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-03-30 11:17:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-03-30 05:58:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010-03-30 05:57:26 | 000,189,000 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-04-14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008-04-14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-14 08:00:00 | 000,451,678 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-14 08:00:00 | 000,074,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008-04-14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007-01-17 13:57:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006-12-13 23:01:36 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006-12-13 23:01:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

OTL Extras logfile created on: 2011-04-09 13:46:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 219,22 Gb Free Space | 94,14% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JEANBERUBE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"85:TCP" = 85:TCP:*:Enabled:BroadWave Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6599091B-D42D-4765-ABC3-8B25E844C746}" = Roxio Easy CD and DVD Burning
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}" = Nero 7 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BroadWave" = BroadWave
"conduitEngine" = Conduit Engine
"Doxillion" = Doxillion Document Converter
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"Elf_1.15 Toolbar" = Elf 1.15 Toolbar
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MVApplication1" = Memorex exPressit Label Design Studio
"OfficeScanNT" = Trend Micro OfficeScan Client
"PitchPerfect" = PitchPerfect Musical Instrument Tuner
"Switch" = Switch Sound File Converter
"TeamViewer 5" = TeamViewer 5
"TempoPerfect" = TempoPerfect Metronome Software
"ToolBox" = NCH Toolbox
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-12-13 18:10:24 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-12-23 12:20:23 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-12-24 16:33:58 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-12-24 16:33:58 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010-12-31 12:07:10 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-01-22 11:40:03 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-02-08 16:27:45 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011-02-16 08:58:10 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-02-18 13:29:18 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2011-03-26 11:51:44 | Computer Name = JEANBERUBE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2011-04-08 08:11:37 | Computer Name = JEANBERUBE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 f7a901b7, parameter3
f7a76864, parameter4 00000000.

Error - 2011-04-08 08:11:41 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7034
Description = The TeamViewer 5 service terminated unexpectedly. It has done this
1 time(s).

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7034
Description = The InCD Helper service terminated unexpectedly. It has done this
1 time(s).

Error - 2011-04-09 07:49:47 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7031
Description = The BroadWave service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 1000 milliseconds: Restart
the service.

Error - 2011-04-09 09:16:48 | Computer Name = JEANBERUBE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-04-09 14:13:17
mbam-log-2011-04-09 (14-13-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 181247
Time elapsed: 15 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 11-04-08.03 - Administrator 2011-04-10 14:44:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.228 [GMT -4:00]
Running from: c:\tools\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Trend Micro OfficeScan Antivirus *Disabled/Outdated* {C328BCBD-CCBA-408A-84ED-9C27A11CA876}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-03-10 to 2011-04-10 )))))))))))))))))))))))))))))))
.
.
2011-04-09 17:56 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 17:56 . 2011-04-09 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 17:56 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-08 12:53 . 2010-07-19 23:03 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-04-08 12:53 . 2010-07-19 23:03 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-04-08 12:53 . 2010-07-19 23:02 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-04-08 12:52 . 2011-04-08 12:52 -------- d-----w- c:\windows\system32\log
2011-04-08 12:51 . 2011-04-08 12:53 -------- d-----w- c:\program files\Trend Micro
2011-04-07 20:52 . 2011-04-07 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeReturner
2011-04-07 20:52 . 2011-04-08 11:46 -------- d-----w- c:\program files\Safe Returner
2011-04-07 19:18 . 2011-04-08 12:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-07 19:18 . 2011-04-08 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-07 14:34 . 2011-04-07 14:34 -------- d-----w- C:\_OTL
2011-03-26 17:51 . 2011-03-26 17:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\ErrorTeck
2011-03-26 17:15 . 2011-03-26 17:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2011-03-26 17:15 . 2011-03-26 17:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\ParetoLogic
2011-03-26 17:14 . 2011-03-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-03-26 13:47 . 2011-03-26 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-16 16:29 . 2011-03-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 12:55 . 2010-12-13 22:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-02-03 01:40 . 2010-10-18 22:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2010-08-14 19:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2010-03-30 15:15 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-03-30 15:15 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BroadWave"="c:\program files\NCH Swift Sound\BroadWave\broadwave.exe" [2010-12-17 499716]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-09-08 849192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
TeamViewer 5.lnk - c:\program files\TeamViewer\Version5\TeamViewer.exe [2010-7-6 5279016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"85:TCP"= 85:TCP:BroadWave Web Server
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-13 64288]
R2 BroadWaveService;BroadWave;c:\program files\NCH Swift Sound\BroadWave\broadwave.exe [2010-12-17 499716]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1753048]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2010-10-20 36432]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 136176]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-04-08 51792]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-20 249424]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [2010-12-03 15232]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2009-07-15 689416]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 07:58]
.
2011-03-31 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-16 16:29]
.
2010-12-16 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-06 19:33]
.
2010-12-09 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2010-12-06 19:31]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 21:23]
.
2011-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-03 21:23]
.
2010-12-09 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-06 19:33]
.
2011-03-29 c:\windows\Tasks\tempoperfectShakeIcon.job
- c:\program files\NCH Swift Sound\TempoPerfect\tempoperfect.exe [2011-03-16 18:08]
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{7D214F70-5922-4225-9C94-B4E06E8D6E34}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{D3894A60-D1F2-410F-BF4D-E0890E4AD689}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
2010-12-16 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-12-06 19:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sympatico.ca/
uInternet Settings,ProxyOverride = <local>
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 14:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,ae,b1,93,4a,f6,34,42,a0,6a,d6,\
.
[HKEY_USERS\S-1-5-21-606747145-1214440339-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,0a,b0,74,a2,23,ad,4d,b0,8c,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,0a,b0,74,a2,23,ad,4d,b0,8c,76,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-10 14:50:11
ComboFix-quarantined-files.txt 2011-04-10 18:50
.
Pre-Run: 235 310 669 824 bytes free
Post-Run: 235 255 291 904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D90290CFA5DF7BF1FFCB8D9102025045

2011/04/10 16:59:28.0125 2476 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 16:59:28.0265 2476 ================================================================================
2011/04/10 16:59:28.0265 2476 SystemInfo:
2011/04/10 16:59:28.0265 2476
2011/04/10 16:59:28.0265 2476 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/10 16:59:28.0265 2476 Product type: Workstation
2011/04/10 16:59:28.0265 2476 ComputerName: JEANBERUBE
2011/04/10 16:59:28.0265 2476 UserName: Administrator
2011/04/10 16:59:28.0265 2476 Windows directory: C:\WINDOWS
2011/04/10 16:59:28.0265 2476 System windows directory: C:\WINDOWS
2011/04/10 16:59:28.0265 2476 Processor architecture: Intel x86
2011/04/10 16:59:28.0265 2476 Number of processors: 2
2011/04/10 16:59:28.0265 2476 Page size: 0x1000
2011/04/10 16:59:28.0265 2476 Boot type: Normal boot
2011/04/10 16:59:28.0265 2476 ================================================================================
2011/04/10 16:59:28.0406 2476 Initialize success
2011/04/10 16:59:31.0750 3452 ================================================================================
2011/04/10 16:59:31.0750 3452 Scan started
2011/04/10 16:59:31.0750 3452 Mode: Manual;
2011/04/10 16:59:31.0750 3452 ================================================================================
2011/04/10 16:59:33.0062 3452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/10 16:59:33.0125 3452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/10 16:59:33.0234 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/10 16:59:33.0328 3452 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/10 16:59:33.0828 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/10 16:59:33.0890 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/10 16:59:34.0015 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/10 16:59:34.0078 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/10 16:59:34.0156 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/10 16:59:34.0421 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/10 16:59:34.0546 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/10 16:59:34.0640 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/10 16:59:34.0703 3452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/10 16:59:35.0046 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/10 16:59:35.0109 3452 DLABMFSM (ace95725b7d9e12227590f4c2e47707f) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/04/10 16:59:35.0125 3452 DLABOIOM (f872cf678b07a7a415bc78c309c433a8) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/04/10 16:59:35.0328 3452 DLACDBHM (81e0ef6c693da1a98bd863a9fb6ab223) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/04/10 16:59:35.0406 3452 DLADResM (9ee44f5aa897dc284b4168d61a0bd71e) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/04/10 16:59:35.0437 3452 DLAIFS_M (8d74e30d25a962485c4620fbc795c576) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/04/10 16:59:35.0453 3452 DLAOPIOM (d4523b4284191c5824e79a4959cf8103) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/04/10 16:59:35.0562 3452 DLAPoolM (8330839e47287595545d4d4abdea2b18) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/04/10 16:59:35.0625 3452 DLARTL_M (ccd46b2e9de7dde28055008e52d19e62) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/04/10 16:59:35.0671 3452 DLAUDFAM (c1574997b02ed1c1fdde8ef66106ad90) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/04/10 16:59:35.0734 3452 DLAUDF_M (4bbb14b293a9ec274361b0a543c78f80) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/04/10 16:59:35.0828 3452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/10 16:59:35.0906 3452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/10 16:59:35.0953 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/10 16:59:36.0062 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/10 16:59:36.0218 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/10 16:59:36.0296 3452 DRVMCDB (55f25c7eb606f923fa317ae29a8bd72a) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/04/10 16:59:36.0312 3452 DRVNDDM (8a491bd3f9137ba6aecabb93ff849fcc) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/04/10 16:59:36.0453 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/10 16:59:36.0515 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/10 16:59:36.0562 3452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/10 16:59:36.0593 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/10 16:59:36.0640 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/10 16:59:36.0703 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/10 16:59:36.0781 3452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/10 16:59:36.0859 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/10 16:59:36.0890 3452 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/10 16:59:37.0062 3452 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/10 16:59:37.0187 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/10 16:59:37.0328 3452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/10 16:59:37.0515 3452 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/04/10 16:59:37.0687 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/10 16:59:37.0765 3452 InCDfs (544f76e71f026099a563c202e2e4a341) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/04/10 16:59:37.0828 3452 InCDPass (13708047b3988ac50e81e524ac32edbe) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/04/10 16:59:37.0906 3452 InCDrec (182edee6cfaeaf5174ae6e6d714cf778) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/04/10 16:59:37.0968 3452 incdrm (367f3d160e7129f057838a341a5339b2) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/04/10 16:59:38.0234 3452 IntcAzAudAddService (47f27af890da3e51c633fdd510910115) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/10 16:59:38.0406 3452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/10 16:59:38.0468 3452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/10 16:59:38.0484 3452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/10 16:59:38.0546 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/10 16:59:38.0609 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/10 16:59:38.0796 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/10 16:59:38.0843 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/10 16:59:38.0921 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/10 16:59:39.0000 3452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/10 16:59:39.0078 3452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/10 16:59:39.0125 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/10 16:59:39.0203 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/10 16:59:39.0375 3452 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/10 16:59:39.0500 3452 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/04/10 16:59:39.0671 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/10 16:59:39.0765 3452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/10 16:59:39.0828 3452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/10 16:59:39.0890 3452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/10 16:59:39.0921 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/10 16:59:40.0015 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/10 16:59:40.0062 3452 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/10 16:59:40.0171 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/10 16:59:40.0265 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/10 16:59:40.0312 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/10 16:59:40.0328 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/10 16:59:40.0453 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/10 16:59:40.0593 3452 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/10 16:59:40.0734 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/10 16:59:40.0796 3452 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/10 16:59:40.0843 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/10 16:59:40.0875 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/10 16:59:40.0921 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/10 16:59:41.0031 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/10 16:59:41.0093 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/10 16:59:41.0218 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/10 16:59:41.0281 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/10 16:59:41.0359 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/10 16:59:41.0437 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/10 16:59:41.0546 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/10 16:59:41.0656 3452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/10 16:59:41.0718 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/10 16:59:41.0781 3452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/10 16:59:41.0828 3452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/10 16:59:41.0937 3452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/10 16:59:42.0000 3452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/10 16:59:42.0343 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/10 16:59:42.0375 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/10 16:59:42.0421 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/10 16:59:42.0484 3452 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/10 16:59:42.0687 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/10 16:59:42.0750 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/10 16:59:42.0765 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/10 16:59:42.0828 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/10 16:59:42.0968 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/10 16:59:43.0078 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/10 16:59:43.0187 3452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/10 16:59:43.0250 3452 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/10 16:59:43.0328 3452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/10 16:59:43.0453 3452 RxFilter (30aed4a37e8f8bbf41983d4ae3a15df9) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/04/10 16:59:43.0546 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/10 16:59:43.0625 3452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/10 16:59:43.0671 3452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/10 16:59:43.0734 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/10 16:59:44.0000 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/10 16:59:44.0078 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/10 16:59:44.0171 3452 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/10 16:59:44.0250 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/10 16:59:44.0312 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/10 16:59:44.0500 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/10 16:59:44.0578 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/10 16:59:44.0640 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/10 16:59:44.0671 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/10 16:59:44.0718 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/10 16:59:44.0921 3452 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
2011/04/10 16:59:45.0000 3452 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/04/10 16:59:45.0062 3452 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2011/04/10 16:59:45.0203 3452 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
2011/04/10 16:59:45.0250 3452 TmPreFilter (8651a867c78bd2b69f1d5f982138a074) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
2011/04/10 16:59:45.0390 3452 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/04/10 16:59:45.0546 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/10 16:59:45.0734 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/10 16:59:45.0843 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/10 16:59:45.0859 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/10 16:59:45.0921 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/10 16:59:45.0953 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/10 16:59:46.0015 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/10 16:59:46.0109 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/10 16:59:46.0281 3452 VSApiNt (71a53597bfb4bad7218ad2beaba5c564) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
2011/04/10 16:59:46.0484 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/10 16:59:46.0593 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/10 16:59:46.0750 3452 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/10 16:59:46.0812 3452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/10 16:59:46.0843 3452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/10 16:59:46.0953 3452 yukonwxp (518c4d4dcb93c88316303694163bbd63) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/04/10 16:59:47.0140 3452 ================================================================================
2011/04/10 16:59:47.0140 3452 Scan finished
2011/04/10 16:59:47.0140 3452 ================================================================================

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF8974000 \WINDOWS\system32\KDCOM.DLL
0xF8884000 \WINDOWS\system32\BOOTVID.dll
0xF8345000 ACPI.sys
0xF8976000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8334000 pci.sys
0xF8474000 isapnp.sys
0xF8A3C000 pciide.sys
0xF86F4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8978000 intelide.sys
0xF8484000 MountMgr.sys
0xF8315000 ftdisk.sys
0xF897A000 dmload.sys
0xF82EF000 dmio.sys
0xF86FC000 PartMgr.sys
0xF8494000 VolSnap.sys
0xF82D7000 atapi.sys
0xF84A4000 disk.sys
0xF84B4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82B7000 fltMgr.sys
0xF82A5000 sr.sys
0xF84C4000 Lbd.sys
0xF828E000 DRVMCDB.SYS
0xF84D4000 PxHelp20.sys
0xF8277000 KSecDD.sys
0xF81EA000 Ntfs.sys
0xF81BD000 NDIS.sys
0xF81A3000 Mup.sys
0xF8654000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B96000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF7B82000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7B5A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7B1E000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF87AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7AFA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF87B4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8664000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8930000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7AE6000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8674000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF87BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8684000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF89A0000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF8694000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF86A4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7AC3000 \SystemRoot\system32\DRIVERS\ks.sys
0xF87C4000 \SystemRoot\system32\drivers\InCDPass.sys
0xF86B4000 \SystemRoot\system32\drivers\InCDRm.sys
0xF8B45000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF86C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF893C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7AAC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF86D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF86E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF87CC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7A9B000 \SystemRoot\system32\DRIVERS\psched.sys
0xF8504000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF87D4000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF87DC000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7A43000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8514000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF87E4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF89A2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7945000 \SystemRoot\system32\DRIVERS\update.sys
0xF8958000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8524000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA317000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2E2000 \SystemRoot\system32\drivers\portcls.sys
0xF8544000 \SystemRoot\system32\drivers\drmk.sys
0xF8564000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF89AE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B28000 \SystemRoot\System32\Drivers\Null.SYS
0xF89B0000 \SystemRoot\System32\Drivers\Beep.SYS
0xF882C000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xF8834000 \SystemRoot\System32\drivers\vga.sys
0xF89B2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A8B000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xAA256000 \SystemRoot\system32\drivers\InCDFs.sys
0xF883C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8844000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A87000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA243000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1EA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA1C2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF8574000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA1A0000 \SystemRoot\System32\drivers\afd.sys
0xF8584000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA18B000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xAA160000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA0C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8594000 \SystemRoot\System32\Drivers\Fips.SYS
0xF77A8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF85A4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF885C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF77A4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF85C4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA0B0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF89B8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA2CA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8864000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8AB6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF296000 \SystemRoot\System32\igxpdx32.DLL
0xBF5E3000 \SystemRoot\System32\ATMFD.DLL
0xF8554000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
0xF85B4000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF8BB5000 \SystemRoot\System32\DLA\DLADResM.SYS
0xA9CC0000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xF870C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF89C6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF873C000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xF8744000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA9CAA000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA9C93000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA9F34000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA990E000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9A03000 \SystemRoot\system32\drivers\sysaudio.sys
0xF8A18000 \SystemRoot\system32\drivers\splitter.sys
0xA977B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF89B6000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA94D8000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8F6F000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8A36000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA91B8000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
0xA7D19000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
652 C:\WINDOWS\system32\smss.exe
712 csrss.exe
736 C:\WINDOWS\system32\winlogon.exe
780 C:\WINDOWS\system32\services.exe
816 C:\WINDOWS\system32\lsass.exe
1040 C:\WINDOWS\system32\svchost.exe
1108 svchost.exe
1204 C:\WINDOWS\system32\svchost.exe
1316 svchost.exe
1396 svchost.exe
1440 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1624 C:\WINDOWS\system32\spoolsv.exe
172 C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
200 C:\Program Files\Common Files\Java\Java Update\jusched.exe
344 C:\WINDOWS\system32\ctfmon.exe
692 svchost.exe
1148 C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
1336 C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
1416 C:\Program Files\Java\jre6\bin\jqs.exe
1552 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2196 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2272 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
2776 unsecapp.exe
3308 wmiprvse.exe
3492 C:\WINDOWS\system32\svchost.exe
3844 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3464 C:\Program Files\Trend Micro\OfficeScan Client\Misc\xpupg.exe
2732 C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
1748 C:\WINDOWS\explorer.exe
256 C:\Program Files\TeamViewer\Version5\TeamViewer.exe
2452 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
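Added example, not part of the thread and not code from MBRCheck or OTL: a small triage pass over the two sections of the listing posted above (loaded kernel modules, then running processes). It flags the things a malware-removal helper reads first: a driver loaded from a user-writable directory such as a Temp folder (tools run during a cleanup will trip this too, which is fine; the point is to make a human look), a driver loaded from outside System32, a process listed with a bare image name (in this kind of listing that normally means the tool could not open the process to read its path, which is routine for csrss.exe and some svchost instances, hence "review" rather than "high"), and a process running from a user profile directory. The excerpt it runs on is a constructed sample modelled on the log; the directory lists and the severity rules are my assumptions, not anything the tools define.

```python
"""Triage an MBRCheck-style driver/process listing (added example)."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the MBRCheck output in the post above.
SAMPLE_LOG = r"""
0xF8554000 \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
0xF89B8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xF8A36000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA91B8000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 6):
0 System Idle Process
4 System
712 csrss.exe
1040 C:\WINDOWS\system32\svchost.exe
2776 unsecapp.exe
2452 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*?)\s*$")
PROCESS_RE = re.compile(r"^(\d+)\s+(\S.*?)\s*$")

# Assumption: kernel modules normally live here; anything else gets a look.
SYSTEM_DIRS = ("\\systemroot\\system32\\", "\\windows\\system32\\")
# Assumption: locations a standard user can write to on XP.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")
# Pseudo-processes that never carry an image path.
KERNEL_PSEUDO = {"system idle process", "system"}


@dataclass(frozen=True)
class Finding:
    kind: str       # "driver" or "process"
    severity: str   # "high" or "review"
    item: str       # path or "pid name" as it appeared in the log
    reason: str


def _normalise(path: str) -> str:
    """Strip the NT object prefix and drive letter so prefixes compare evenly."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    return p.lower()


def triage(log_text: str) -> list[Finding]:
    """Return findings for the driver section, then the process section."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("processes (total"):
            in_processes = True
            continue
        if not in_processes:
            m = DRIVER_RE.match(line)
            if not m:
                continue
            path = m.group(1)
            norm = _normalise(path)
            if any(w in norm for w in USER_WRITABLE):
                findings.append(Finding("driver", "high", path,
                                        "kernel module loaded from a user-writable directory"))
            elif not norm.startswith(SYSTEM_DIRS):
                findings.append(Finding("driver", "review", path,
                                        "kernel module loaded from outside System32"))
        else:
            m = PROCESS_RE.match(line)
            if not m:
                continue
            pid, image = m.groups()
            if image.lower() in KERNEL_PSEUDO:
                continue
            if "\\" not in image:
                findings.append(Finding("process", "review", f"{pid} {image}",
                                        "listed without a full path (image could not be resolved)"))
            elif any(w in _normalise(image) for w in USER_WRITABLE):
                findings.append(Finding("process", "review", f"{pid} {image}",
                                        "running from a user-writable directory"))
    return findings


if __name__ == "__main__":
    # "high" sorts before "review", so the Temp-loaded driver prints first.
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind}: {f.item}  ({f.reason})")
```

Run against the full log rather than the excerpt, the same rules would single out the Temp-loaded catchme.sys and the Program Files driver for a look, and leave the DLA, InCD and Intel graphics modules under System32 alone; whether a flagged item is actually malicious still needs the file itself (hash, signer, vendor) rather than its path.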

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Uninstall:

Java™ 6 Update 3

Conduit Engine

Elf 1.13 Toolbar
Elf 1.15 Toolbar

What is:

BroadWave? It seems to be running a webserver on port 85.
Delete:

C:\WINDOWS\Ljuyogovitogolo.bin
C:\WINDOWS\Lfuvoxiredoxi.dat

Uninstall/Reinstall (if you have a paid-up subscription) or just uninstall and replace with MSSE
(http://www.microsoft...ls/default.aspx) if expired:

Trend Micro OfficeScan Antivirus

It is not working correctly and it is not updating.

I assume TeamViewer 5 is something you installed. If not, delete it.


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shut down My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
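Added example, not part of Ron's post and not code from the MVPS hosts project: a check of the hosts file itself, which matters for a redirect problem. A blocking hosts file like the MVPS one maps unwanted names to 0.0.0.0 or 127.0.0.1; a redirect infection does the reverse and pins names you trust (search engines, update and antivirus vendors) to a routable address, so the browser never asks DNS. The script separates the two kinds of entry. The sample hosts text is constructed, the "hijack" lines in it use RFC 5737 documentation addresses and are illustrative only, and the watchlist of domains is my choice based on the vendors mentioned in this thread, not a list from any tool.

```python
"""Separate blocking entries from hijacks in a Windows hosts file (added example)."""
import ipaddress

# Constructed sample; the hijack lines are illustrative, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example-tracker.invalid     # blocking entry, MVPS style
127.0.0.1       www.badsite.invalid             # older blocking style
10.0.0.5        fileserver.lan                  # legitimate LAN shortcut
198.51.100.23   www.google.com                  # constructed hijack (RFC 5737 address)
198.51.100.23   google.ca www.google.ca
203.0.113.7     update.microsoft.com            # constructed hijack
"""

# Assumption: names that should never be pinned in a hosts file on a home PC.
WATCHLIST = ("google.com", "google.ca", "bing.com", "yahoo.com",
             "microsoft.com", "windowsupdate.com", "trendmicro.com", "lavasoft.com")


def parse_hosts(text):
    """Yield (line_no, address, hostname); comments and blank lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a real tool would report it
        for name in fields[1:]:
            yield line_no, addr, name.lower()


def on_watchlist(name):
    """True for a watchlisted domain or any name under it."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def classify(text):
    """Bucket entries: localhost, blocking (to 0.0.0.0/loopback), redirect, hijacked."""
    result = {"blocking": [], "localhost": [], "redirect": [], "hijacked": []}
    for line_no, addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            bucket = "localhost" if name == "localhost" else "blocking"
            result[bucket].append(name)
        elif on_watchlist(name):
            result["hijacked"].append((line_no, name, str(addr)))
        else:
            # Any other pin bypasses DNS; not necessarily bad (LAN names), so review.
            result["redirect"].append((line_no, name, str(addr)))
    return result


if __name__ == "__main__":
    r = classify(SAMPLE_HOSTS)
    print(f"{len(r['blocking'])} blocking entries, {len(r['localhost'])} localhost entries")
    for line_no, name, addr in r["redirect"]:
        print(f"[review] line {line_no}: {name} -> {addr}")
    for line_no, name, addr in r["hijacked"]:
        print(f"[HIJACK] line {line_no}: {name} -> {addr}")
```

On XP the file is C:\WINDOWS\system32\drivers\etc\hosts; read it with the script rather than trusting what a browser shows, and remember that a hosts file with tens of thousands of 0.0.0.0 lines is what the MVPS install looks like, so the count of blocking entries alone says nothing. Only the "hijacked" and "redirect" buckets need a human decision.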

#5
Putt4Dough

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 120 posts
Thanks for this. :D
Mike