
Anti-malware doctor has progressed to overrun my hard drive

This topic is locked

#1 griruco
Member, 74 posts

I originally triggered the Anti-malware Doctor virus. I was unable to run RKill to stop the virus processes and reload Malwarebytes. When RKill ran, a line read after "be patient" that access was denied. I tried to run RKill under other names. No luck. I ran RKill several times while not closing any windows; no luck. I tried to load Malwarebytes via a thumb drive to the desktop in safe mode. The virus was apparent while running in safe mode. I tried to run Malwarebytes from the thumb drive, but it was unable to update its library, although it was updated before setup on the thumb drive. No luck. Originally, I had Malwarebytes and AVG on my machine before the infection. I've tried to run these repeatedly with some success. My desktop now reads "Active Desktop Recovery". I cannot see any programs or files. I downloaded the 7-Zip file manager and can see files. I can retrieve data, but am trying to restore the computer. I ran CCleaner because the virus has filled up my hard drive. I'm stuck. Thank you for your help!

OTL logfile created on: 4/8/2011 10:05:40 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 2.09 Gb Free Space | 5.62% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.80% Space Free | Partition Type: FAT32

Computer Name: HP10409150401 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/04/03 22:10:38 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
PRC - [2010/11/24 10:19:27 | 000,725,344 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/28 16:06:04 | 000,185,688 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/09/28 15:30:20 | 001,156,440 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/09/23 09:33:07 | 000,621,920 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:37:24 | 000,515,424 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:37:16 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:35:13 | 001,101,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/13 15:27:52 | 015,319,688 | -H-- | M] () -- C:\Program Files\Wimba\Pronto\pronto.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/09 09:31:56 | 000,143,360 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/02/03 03:10:08 | 000,388,096 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7zFM.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | -H-- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007/10/26 15:28:06 | 001,524,512 | -H-- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/01/16 12:46:12 | 000,878,592 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/02/25 20:28:03 | 000,212,992 | -H-- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2003/01/31 20:49:34 | 000,098,304 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/20 12:29:28 | 000,053,248 | -H-- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/05/28 06:37:16 | 000,069,632 | -H-- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:12:08 | 000,369,152 | -H-- | M] () -- C:\WINDOWS\akuyuvas.dll
MOD - [2008/04/13 20:12:02 | 000,122,880 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/28 15:30:20 | 001,156,440 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/15 09:37:16 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/12/16 21:59:50 | 000,150,040 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 23:37:36 | 000,024,576 | -H-- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/10/26 15:28:06 | 001,524,512 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/01/16 12:46:12 | 000,878,592 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2002/09/20 20:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/20 12:41:00 | 000,077,824 | -H-- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 12:29:28 | 000,053,248 | -H-- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 12:27:04 | 000,077,824 | -H-- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 09:37:30 | 000,243,024 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:35:23 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/21 08:28:24 | 000,029,584 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/12/17 02:02:08 | 000,023,832 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 02:01:44 | 006,364,440 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/12/17 02:01:22 | 000,041,752 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/26 15:27:00 | 000,306,300 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/17 11:09:34 | 000,102,016 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/01/17 11:09:28 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/01/17 05:09:26 | 000,032,640 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/26 11:22:20 | 000,280,344 | -H-- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 20:29:50 | 000,019,455 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/03/08 13:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/02/25 12:18:08 | 000,170,880 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 16:22:32 | 000,050,816 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 02:32:06 | 000,028,416 | RH-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2} [2011/03/31 20:58:44 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2009/12/15 20:53:23 | 000,302,612 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10431 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mMouse] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Phatopegogajeku] C:\WINDOWS\akuyuvas.dll (Wacom Technology)
O4 - HKLM..\Run: [SetMou] File not found
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [pronto] C:\Program Files\Wimba\Pronto\pronto.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range78 ([https] in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.expologi...intpro/smsx.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190813842812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190813915359 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hirerighteve...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun\command - "" = F:\Imageviewer.exe
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 10:04:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 09:52:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/08 09:43:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/08 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/08 09:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/08 09:37:14 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/07 14:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/04/07 08:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/06 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/05 21:53:31 | 000,963,976 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.exe
[2011/04/05 21:53:31 | 000,518,480 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamcore.dll
[2011/04/05 21:53:31 | 000,496,976 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\vbalsgrid6.ocx
[2011/04/05 21:53:31 | 000,443,728 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamgui.exe
[2011/04/05 21:53:31 | 000,363,344 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamservice.exe
[2011/04/05 21:53:31 | 000,331,088 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamnet.dll
[2011/04/05 21:53:31 | 000,202,576 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.dll
[2011/04/05 21:53:31 | 000,090,960 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamext.dll
[2011/04/05 21:53:31 | 000,046,416 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\ssubtmr6.dll
[2011/04/05 21:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Languages
[2011/04/05 16:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/05 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/05 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\Search Toolbar
[2011/04/04 19:12:20 | 000,000,000 | ---D | C] -- C:\SDFix
[2011/04/04 13:59:48 | 000,000,000 | ---D | C] -- C:\hello
[2011/04/04 12:10:19 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/04 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/04 03:14:49 | 000,000,000 | -H-D | C] -- C:\Windows Restore
[2011/04/04 00:43:28 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/03 23:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/03 23:17:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/03 01:23:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/01 16:31:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 21:07:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/31 21:06:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/31 20:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2}
[2011/03/31 20:56:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/10/29 10:26:37 | 002,020,136 | -H-- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/04/21 09:23:44 | 004,705,320 | -H-- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2211Setup.exe
[2009/04/05 21:05:50 | 063,049,904 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/03/25 07:50:34 | 004,707,592 | -H-- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2190Setup.exe
[2009/03/14 09:52:05 | 062,801,864 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_afwt_stf_en_8_237a1428.exe
[2009/03/13 19:32:22 | 000,361,464 | -H-- | C] (Digital River, Inc.) -- C:\Program Files\Download_N360S200_now.exe
[2009/02/14 11:34:01 | 059,981,528 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe
[2009/01/12 20:41:29 | 007,771,584 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v2.5.exe
[2009/01/12 09:40:55 | 015,083,520 | -H-- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2008/12/03 23:02:50 | 000,891,048 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_39_cnet.exe
[2008/11/12 07:07:04 | 002,698,976 | -H-- | C] (Uniblue ) -- C:\Program Files\systemtweaker.exe
[2008/11/12 07:04:29 | 001,645,640 | -H-- | C] (Uniblue Systems ) -- C:\Program Files\rb09_2_1_0_0.exe
[2008/11/09 08:30:33 | 001,677,920 | -H-- | C] (Uniblue Systems ) -- C:\Program Files\registryboosterbnf2.exe
[2008/03/12 17:33:29 | 045,144,176 | -H-- | C] (SleepEx Systems, Inc. ) -- C:\Program Files\SleepEx.2.3.build.2.3.0.17.Install.AllUsers.exe
[2007/10/24 22:51:01 | 023,405,072 | -H-- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/08 10:06:26 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 10:00:03 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 09:59:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Hjumecisuwaqi.bin
[2011/04/08 09:59:55 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Sgetiporere.dat
[2011/04/08 09:56:33 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/08 09:56:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 09:56:23 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/08 09:50:52 | 004,316,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/04/08 09:37:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/08 09:24:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/07 13:43:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 20:06:28 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/05 15:42:04 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/04 19:06:38 | 001,529,241 | ---- | M] () -- C:\SDFix.exe
[2011/04/04 15:49:58 | 000,010,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/04 15:49:58 | 000,009,621 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/04 15:49:02 | 000,709,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/04 03:14:52 | 000,000,719 | -H-- | M] () -- C:\Windows Restore.lnk
[2011/04/04 03:14:52 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16047924r
[2011/04/04 03:14:52 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16047924
[2011/04/04 03:14:42 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16047924
[2011/04/04 00:43:33 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/04 00:33:44 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/04/04 00:10:45 | 000,019,258 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/04 00:10:45 | 000,019,258 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/04 00:01:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/03 23:16:46 | 000,512,992 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 22:10:38 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/03 21:55:30 | 000,019,136 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\543024106
[2011/04/03 21:55:30 | 000,019,136 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\3441665747
[2011/04/03 21:55:19 | 000,019,132 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\543024106
[2011/04/03 21:55:19 | 000,019,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3441665747
[2011/04/02 01:16:24 | 000,000,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/04/01 09:57:38 | 073,617,605 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/03/31 22:46:21 | 000,002,447 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/03/28 03:09:29 | 000,001,813 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/23 23:52:17 | 000,528,382 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 23:52:17 | 000,104,418 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 20:09:31 | 000,001,791 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 09:56:23 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 09:52:13 | 004,316,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/04/08 09:37:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 13:02:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 21:53:31 | 000,709,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/05 21:53:31 | 000,394,695 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbam.chm
[2011/04/05 21:53:31 | 000,010,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/05 21:53:31 | 000,009,621 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/05 21:53:31 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\changes.rtf
[2011/04/05 21:05:47 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/05 20:04:05 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/04 19:11:20 | 001,529,241 | ---- | C] () -- C:\SDFix.exe
[2011/04/04 12:09:48 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/04 03:14:52 | 000,000,719 | -H-- | C] () -- C:\Windows Restore.lnk
[2011/04/04 03:14:52 | 000,000,120 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16047924r
[2011/04/04 03:14:52 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16047924
[2011/04/04 03:14:42 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16047924
[2011/04/04 00:20:19 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/04/03 23:17:34 | 000,512,992 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 21:10:19 | 000,019,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3441665747
[2011/04/03 21:10:18 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/03 21:10:18 | 000,019,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\543024106
[2011/04/03 21:10:18 | 000,019,136 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\3441665747
[2011/04/03 21:10:18 | 000,019,132 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\543024106
[2011/04/03 20:33:12 | 000,019,258 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 02:27:03 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 02:27:03 | 000,019,258 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/01 13:51:41 | 000,147,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\appprovcfg.exe
[2011/03/31 20:58:46 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Sgetiporere.dat
[2011/03/31 20:58:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Hjumecisuwaqi.bin
[2010/07/02 13:19:05 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/07/02 12:59:46 | 000,031,767 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/23 15:02:21 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/03/23 09:27:13 | 000,014,812 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
[2010/03/23 09:27:13 | 000,014,812 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mh3jm32txN
[2010/03/23 08:20:30 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/03/23 08:20:30 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/03/23 08:20:07 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/03/23 08:20:07 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/03/23 08:20:06 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/03/23 08:20:04 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/10/31 20:57:16 | 000,081,110 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/29 10:32:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/21 09:22:24 | 018,677,852 | -H-- | C] () -- C:\Program Files\SONYNAVU_U44_1.1.CO.BIN
[2009/03/25 14:15:39 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 09:38:46 | 000,005,115 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/11 20:41:11 | 000,002,492 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
[2009/01/01 12:44:30 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/12/16 21:58:54 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 21:48:26 | 000,000,283 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/27 21:19:03 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/02/19 02:33:34 | 000,446,352 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/29 20:40:48 | 000,087,552 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/19 03:31:58 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/26 15:28:18 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/06 22:13:44 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/10/06 20:53:50 | 000,000,717 | -H-- | C] () -- C:\WINDOWS\QIII.INI
[2007/09/26 23:32:02 | 000,000,419 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/09/26 23:32:02 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/26 23:31:37 | 000,000,888 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/09/26 23:31:37 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/09/26 23:31:37 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/09/26 23:30:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/09/26 23:30:52 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/09/26 23:26:15 | 000,001,155 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/09/26 21:31:03 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/26 21:04:22 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/10/30 21:44:25 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/30 21:42:03 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\Reboot.exe
[2006/10/30 21:40:48 | 000,001,057 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/30 21:38:04 | 000,005,025 | -H-- | C] () -- C:\WINDOWS\System32\patterns.dat
[2006/10/30 21:37:48 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/30 21:25:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/30 21:25:32 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/10/30 21:25:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/10/30 21:25:22 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/30 21:23:53 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/09/18 14:37:50 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | -H-- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/08/10 13:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 16:44:34 | 000,528,382 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 16:44:34 | 000,104,418 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 16:40:44 | 000,286,112 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 16:33:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 16:28:56 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/03/04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/05 01:25:36 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\LoadDll.dll
[2001/08/17 16:30:26 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

========== LOP Check ==========

[2009/03/25 13:14:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/04/03 23:31:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/03/22 20:57:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/03/07 14:25:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009/03/14 02:38:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/03/02 22:19:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\HorizonWimba
[2009/10/31 20:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/01/06 16:43:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\OurPictures
[2008/01/21 12:28:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2007/09/27 11:38:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009/03/25 14:07:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2009/10/31 20:54:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2008/11/12 07:07:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\System Tweaker
[2008/11/09 08:31:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/23 11:39:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 11:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/23 07:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/26 14:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/03/22 20:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/25 12:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/01 11:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/02 12:59:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/01 12:54:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2011/04/04 00:36:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/22 21:01:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/11/12 07:05:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/03/13 21:50:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Attached File: OTL.Txt (98.8KB)

#2
Essexboy (GeekU Moderator)

Hi there, let's see if we can resolve this. Once this run has completed, could you let me know what your current problems are?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2008/04/13 20:12:08 | 000,369,152 | -H-- | M] () -- C:\WINDOWS\akuyuvas.dll
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKLM..\Run: [Phatopegogajeku] C:\WINDOWS\akuyuvas.dll (Wacom Technology)
    O4 - HKLM..\Run: [SetMou] File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.17)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [2011/04/08 09:59:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Hjumecisuwaqi.bin
    [2011/04/08 09:59:55 | 000,000,120 | -H-- | M] () -- C:\WINDOWS\Sgetiporere.dat
    [2011/04/04 03:14:52 | 000,000,719 | -H-- | M] () -- C:\Windows Restore.lnk
    [2011/04/04 03:14:52 | 000,000,120 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16047924r
    [2011/04/04 03:14:52 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16047924
    [2011/04/04 03:14:42 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16047924
    [2011/04/04 00:33:44 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
    [2011/04/04 00:10:45 | 000,019,258 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
    [2011/04/04 00:10:45 | 000,019,258 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
    [2011/04/03 21:55:30 | 000,019,136 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\543024106
    [2011/04/03 21:55:30 | 000,019,136 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\3441665747
    [2011/04/03 21:55:19 | 000,019,132 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\543024106
    [2011/04/03 21:55:19 | 000,019,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3441665747
    [2010/03/23 09:27:13 | 000,014,812 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Mh3jm32txN
    [2010/03/23 09:27:13 | 000,014,812 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mh3jm32txN


    :Files
    ipconfig /flushdns /c
    C:\Program Files\Search Toolbar

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply

#3
griruco (Topic Starter)

Thank you for your help and patience.
I executed what you told me to do. Here are the saved logs.

OTL logfile created on: 4/11/2011 2:45:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 8.24 Gb Free Space | 22.10% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.78% Space Free | Partition Type: FAT32

Computer Name: HP10409150401 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/28 16:06:04 | 000,185,688 | -H-- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/04/13 15:27:52 | 015,319,688 | -H-- | M] () -- C:\Program Files\Wimba\Pronto\pronto.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/09 09:31:56 | 000,143,360 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/02/03 03:10:08 | 000,388,096 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7zFM.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/16 12:46:12 | 000,878,592 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/02/25 20:28:03 | 000,212,992 | -H-- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2003/01/31 20:49:34 | 000,098,304 | -H-- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/08/07 12:24:48 | 000,485,376 | -H-- | M] (Hewlett-Packard Company) -- C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
PRC - [2002/05/28 06:37:16 | 000,069,632 | -H-- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/28 15:30:20 | 001,156,440 | -H-- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/15 09:37:16 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/12/16 21:59:50 | 000,150,040 | -H-- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 23:37:36 | 000,024,576 | -H-- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | -H-- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/10/26 15:28:06 | 001,524,512 | -H-- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/01/16 12:46:12 | 000,878,592 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2002/09/20 20:50:10 | 000,045,056 | -H-- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/20 12:41:00 | 000,077,824 | -H-- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 12:29:28 | 000,053,248 | -H-- | M] (Computer Associates) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 12:27:04 | 000,077,824 | -H-- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 09:37:30 | 000,243,024 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:35:23 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/21 08:28:24 | 000,029,584 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/10 10:27:06 | 000,018,560 | -H-- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/12/17 02:02:08 | 000,023,832 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 02:01:44 | 006,364,440 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/12/17 02:01:22 | 000,041,752 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/26 15:27:00 | 000,306,300 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/17 11:09:34 | 000,102,016 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/01/17 11:09:28 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/01/17 05:09:26 | 000,032,640 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/26 11:22:20 | 000,280,344 | -H-- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 20:29:50 | 000,019,455 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | -H-- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/03/08 13:55:50 | 000,013,567 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/02/25 12:18:08 | 000,170,880 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 16:22:32 | 000,050,816 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 02:32:06 | 000,028,416 | RH-- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2} [2011/03/31 20:58:44 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2011/04/11 14:40:02 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mMouse] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [pronto] C:\Program Files\Wimba\Pronto\pronto.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range78 ([https] in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.expologi...intpro/smsx.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190813842812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190813915359 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hirerighteve...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun\command - "" = F:\Imageviewer.exe
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 14:39:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 14:24:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/10 08:49:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/08 12:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AVG
[2011/04/08 10:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/08 09:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/08 09:37:14 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/07 14:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/04/07 08:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/06 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/05 21:53:31 | 000,963,976 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.exe
[2011/04/05 21:53:31 | 000,518,480 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamcore.dll
[2011/04/05 21:53:31 | 000,496,976 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\vbalsgrid6.ocx
[2011/04/05 21:53:31 | 000,443,728 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamgui.exe
[2011/04/05 21:53:31 | 000,363,344 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamservice.exe
[2011/04/05 21:53:31 | 000,331,088 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamnet.dll
[2011/04/05 21:53:31 | 000,202,576 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.dll
[2011/04/05 21:53:31 | 000,090,960 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamext.dll
[2011/04/05 21:53:31 | 000,046,416 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\ssubtmr6.dll
[2011/04/05 21:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Languages
[2011/04/05 16:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/05 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/04 12:10:19 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/04 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/04 03:14:49 | 000,000,000 | -H-D | C] -- C:\Windows Restore
[2011/04/04 00:43:28 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/03 23:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/03 23:17:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/03 01:23:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/01 16:31:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 21:07:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/31 21:06:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/31 20:58:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2}
[2011/03/31 20:56:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/10/29 10:26:37 | 002,020,136 | -H-- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/04/21 09:23:44 | 004,705,320 | -H-- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2211Setup.exe
[2009/04/05 21:05:50 | 063,049,904 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/03/25 07:50:34 | 004,707,592 | -H-- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2190Setup.exe
[2009/03/14 09:52:05 | 062,801,864 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_afwt_stf_en_8_237a1428.exe
[2009/03/13 19:32:22 | 000,361,464 | -H-- | C] (Digital River, Inc.) -- C:\Program Files\Download_N360S200_now.exe
[2009/02/14 11:34:01 | 059,981,528 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe
[2009/01/12 20:41:29 | 007,771,584 | -H-- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v2.5.exe
[2009/01/12 09:40:55 | 015,083,520 | -H-- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2008/12/03 23:02:50 | 000,891,048 | -H-- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_39_cnet.exe
[2008/11/12 07:07:04 | 002,698,976 | -H-- | C] (Uniblue ) -- C:\Program Files\systemtweaker.exe
[2008/11/12 07:04:29 | 001,645,640 | -H-- | C] (Uniblue Systems ) -- C:\Program Files\rb09_2_1_0_0.exe
[2008/11/09 08:30:33 | 001,677,920 | -H-- | C] (Uniblue Systems ) -- C:\Program Files\registryboosterbnf2.exe
[2008/03/12 17:33:29 | 045,144,176 | -H-- | C] (SleepEx Systems, Inc. ) -- C:\Program Files\SleepEx.2.3.build.2.3.0.17.Install.AllUsers.exe
[2007/10/24 22:51:01 | 023,405,072 | -H-- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe

========== Files - Modified Within 30 Days ==========

[2011/04/11 14:46:08 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 14:44:36 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 14:44:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 14:44:27 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/11 14:40:02 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/08 12:49:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/08 11:06:03 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/08 10:43:21 | 000,286,112 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 09:37:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/08 09:24:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/05 20:06:28 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/05 15:42:04 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/04 15:49:58 | 000,010,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/04 15:49:58 | 000,009,621 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/04 15:49:02 | 000,709,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/04 03:14:52 | 000,000,719 | -H-- | M] () -- C:\Windows Restore.lnk
[2011/04/04 00:43:33 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/04 00:01:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/03 23:16:46 | 000,512,992 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 22:10:38 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/02 01:16:24 | 000,000,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/04/01 09:57:38 | 073,617,605 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/03/31 22:46:21 | 000,002,447 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/03/28 03:09:29 | 000,001,813 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/23 23:52:17 | 000,528,382 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 23:52:17 | 000,104,418 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 20:09:31 | 000,001,791 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/04/11 14:44:27 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 09:37:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 13:02:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 21:53:31 | 000,709,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/05 21:53:31 | 000,394,695 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbam.chm
[2011/04/05 21:53:31 | 000,010,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/05 21:53:31 | 000,009,621 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/05 21:53:31 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\changes.rtf
[2011/04/05 21:05:47 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/05 20:04:05 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/04 12:09:48 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/04 03:14:52 | 000,000,719 | -H-- | C] () -- C:\Windows Restore.lnk
[2011/04/03 23:17:34 | 000,512,992 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 21:10:18 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 02:27:03 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/01 13:51:41 | 000,147,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\appprovcfg.exe
[2010/07/02 13:19:05 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/07/02 12:59:46 | 000,031,767 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/23 15:02:21 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/03/23 08:20:30 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/03/23 08:20:30 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/03/23 08:20:07 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/03/23 08:20:07 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/03/23 08:20:06 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/03/23 08:20:04 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/10/31 20:57:16 | 000,081,110 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/29 10:32:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/21 09:22:24 | 018,677,852 | -H-- | C] () -- C:\Program Files\SONYNAVU_U44_1.1.CO.BIN
[2009/03/25 14:15:39 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 09:38:46 | 000,005,115 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/11 20:41:11 | 000,002,492 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
[2009/01/01 12:44:30 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/12/16 21:58:54 | 000,025,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 21:48:26 | 000,000,283 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/27 21:19:03 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/02/19 02:33:34 | 000,446,352 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/29 20:40:48 | 000,087,552 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/19 03:31:58 | 000,003,654 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/26 15:28:18 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/06 22:13:44 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/10/06 20:53:50 | 000,000,717 | -H-- | C] () -- C:\WINDOWS\QIII.INI
[2007/09/26 23:32:02 | 000,000,419 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/09/26 23:32:02 | 000,000,027 | -H-- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/26 23:31:37 | 000,000,888 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/09/26 23:31:37 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/09/26 23:31:37 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/09/26 23:30:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/09/26 23:30:52 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/09/26 23:26:15 | 000,001,155 | -H-- | C] () -- C:\WINDOWS\checkip.dat
[2007/09/26 21:31:03 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/26 21:04:22 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/10/30 21:44:25 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/30 21:42:03 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\Reboot.exe
[2006/10/30 21:40:48 | 000,001,057 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/30 21:38:04 | 000,005,025 | -H-- | C] () -- C:\WINDOWS\System32\patterns.dat
[2006/10/30 21:37:48 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/30 21:25:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/30 21:25:32 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/10/30 21:25:27 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/10/30 21:25:22 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/30 21:23:53 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/09/18 14:37:50 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | -H-- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/08/10 13:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 16:44:34 | 000,528,382 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 16:44:34 | 000,104,418 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 16:40:44 | 000,286,112 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 16:33:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 16:28:56 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/03/04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/05 01:25:36 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\LoadDll.dll
[2001/08/17 16:30:26 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

========== LOP Check ==========

[2009/03/25 13:14:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/04/03 23:31:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/03/22 20:57:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/03/07 14:25:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009/03/14 02:38:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/03/02 22:19:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\HorizonWimba
[2009/10/31 20:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/01/06 16:43:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\OurPictures
[2008/01/21 12:28:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2007/09/27 11:38:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009/03/25 14:07:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2009/10/31 20:54:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2008/11/12 07:07:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\System Tweaker
[2008/11/09 08:31:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/23 11:39:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 11:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/23 07:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/26 14:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/03/22 20:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/25 12:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/01 11:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/02 12:59:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/01 12:54:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2011/04/04 00:36:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/22 21:01:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/11/12 07:05:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/03/13 21:50:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Attached Files



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You have a TDL4 MBR infection. Once these runs are complete, can you let me know what problems remain?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{CEBA455A-C63B-4E7B-9D02-C92BF25C43C2} [2011/03/31 20:58:44 | 000,000,000 | -H-D | M]
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
    O33 - MountPoints2\{ebfccded-1742-11de-84ef-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
    [2011/04/04 03:14:49 | 000,000,000 | -H-D | C] -- C:\Windows Restore
    [2011/04/04 03:14:52 | 000,000,719 | -H-- | M] () -- C:\Windows Restore.lnk


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Save the log as before and post in your next reply
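The fix above was assembled by reading the OTL log by eye and pulling out the entries that do not resolve or that point somewhere odd (the orphaned O2/O3 CLSIDs, the O16 DPF lines that only return registry errors, the MountPoints2 AutoRun commands, the freshly created hidden folders, and the alternate data streams hanging off the TEMP folder in the first log). As an added example, not part of this thread and not OTL's own logic, the Python below runs that first pass automatically over OTL log lines. The sample lines are constructed from the shapes seen in the logs here, and the rules are review heuristics I am assuming: a hit means "look at this", not "this is malware".

```python
"""First-pass triage of OTL log lines (added example; heuristics, not OTL's logic)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: str


# Entry shapes as OTL prints them (patterns written for this example).
ORPHAN_CLSID = re.compile(r"^O[23] - .*No CLSID value found\.$")
DPF_REG_ERROR = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]{36}\} Reg Error:")
MOUNTPOINT_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
FILE_ENTRY = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$")
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")
# Autorun payloads that are not simply a vendor EXE living on the device itself.
SUSPICIOUS_AUTORUN = re.compile(r"rundll32|shellexec|\.html?\b|\.vbs\b|\.js\b|\.bat\b|\.cmd\b", re.I)
HEX_NAME = re.compile(r"^[0-9A-Fa-f]{16,}$")
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}([-_][0-9A-Fa-f]{4}){3}[-_][0-9A-Fa-f]{12}\}$")


def random_looking(name: str) -> bool:
    """Hex blobs and bare GUIDs used as folder names are a common dropper habit."""
    return bool(HEX_NAME.match(name) or GUID_NAME.match(name))


def triage(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_CLSID.match(line):
            # A BHO/toolbar registration whose CLSID no longer resolves: dead weight
            # from a removed add-on, or the half of an infection a scanner missed.
            findings.append(Finding("orphan-clsid", line))
        elif DPF_REG_ERROR.match(line):
            findings.append(Finding("dpf-reg-error", line))
        elif (m := MOUNTPOINT_AUTORUN.match(line)):
            if SUSPICIOUS_AUTORUN.search(m.group("cmd")):
                findings.append(Finding("mountpoint-autorun", line))
        elif (m := FILE_ENTRY.match(line)):
            attrs, path = m.group("attrs"), m.group("path")
            name = path.rsplit("\\", 1)[-1]
            hidden, is_dir = "H" in attrs, "D" in attrs
            if hidden and random_looking(name):
                findings.append(Finding("hidden-random-name", line))
            elif hidden and is_dir and path.count("\\") == 1:
                # A hidden folder freshly created directly in the drive root.
                findings.append(Finding("hidden-root-dir", line))
        elif (m := ADS_ENTRY.match(line)):
            # NTFS allows streams on directories, but nothing mainstream creates them.
            findings.append(Finding("ads-on-path", line))
    return findings


def summarize(findings):
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample, modelled on the shapes of lines in this thread's logs.
SAMPLE_LOG = r"""
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O33 - MountPoints2\{df0fe0c7-2dbb-11de-b2a0-000f206f6843}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL README.HTML
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe
[2011/04/04 03:14:49 | 000,000,000 | -H-D | C] -- C:\Windows Restore
[2011/03/31 20:56:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2011/04/05 21:53:31 | 000,963,976 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.exe
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.rule:20} {f.line}")
```

Note what is deliberately not flagged: the Adobe BHO with a real DLL behind it, the Java DPF entry with a download URL, the Flip camera AutoRun that launches its own EXE, and mbam.exe, which is new but not hidden. The lines the script does flag are the same kinds the fix above removes; the decision on each still belongs to whoever is reading the log.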

#5
griruco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I can't get a clean reboot. It gets stuck shutting down Windows.
Thanks

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Power the system down and then reboot, please. Let me know what happens when you reboot, i.e. any problems.

#7
griruco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I had to pull the plug, but from there rebooted fine. I didn't know if the changes were made properly.
Thank you.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you rerun aswMBR please to check it out?

Also, what other problems are you experiencing?

#9
griruco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I was able to run aswMBR and the log is attached. Currently, I cannot see programs under "START" nor hard drive contents, but I can if I use 7-zip file manager. I get active desktop recovery message on desktop. I am able to run internet explorer from desktop, but linkup seems slow. I will continue to monitor for other problems.
Thank you very much!

Attached Files



#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, then two things to do: clear the last remaining miscreant and give you your folders back.

We will use a different programme for the MBR, as the malware gets uppity with aswMBR.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Magic time to restore files and folders

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
Please post the contents of the RKreport.txt in your next reply.

Once all is done, could you run a fresh OTL log please?
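Both aswMBR and TDSSKiller are, at bottom, reading sector 0 of the physical disk and deciding whether it still looks like the one Windows wrote. As an added example, not code from this thread, aswMBR or TDSSKiller, the Python below shows what that check involves: it parses a 512-byte MBR, verifies the 0x55AA signature and the partition table, compares a SHA-256 of the boot code against a baseline taken from a clean install of the same Windows build, and reports how many sectors sit unclaimed after the last partition, which is where a TDL4-family bootkit kept its hidden file system. The two sample MBRs, the disk size (sized like drive C: here), the baseline hash and the 2048-sector gap threshold are all constructed or assumed for the example; on a live Windows box you would read the real sector with read_live_mbr() from an Administrator prompt.

```python
"""MBR integrity check in the spirit of aswMBR/TDSSKiller (added example, not their code)."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0-445 boot code, 446-509 four 16-byte partition entries, 510-511 0x55AA
TRAILING_GAP_SECTORS = 2048  # assumption: more than 1 MiB after the last partition is worth a look


@dataclass
class Partition:
    index: int
    status: int      # 0x80 active, 0x00 inactive; anything else is a corrupt entry
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors  # exclusive


def parse_mbr(sector: bytes):
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    boot_code = sector[:BOOT_CODE_LEN]
    parts = []
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i)
        if type_id == 0 and count == 0:
            continue  # empty slot
        parts.append(Partition(i, status, type_id, lba, count))
    signature = struct.unpack_from("<H", sector, 510)[0]
    return boot_code, parts, signature


def check_mbr(sector: bytes, disk_sectors: int, baseline_sha256: str):
    """Return a list of issue tags; an empty list means nothing stood out."""
    boot_code, parts, signature = parse_mbr(sector)
    issues = []
    if signature != 0xAA55:
        issues.append("bad-signature")
    # TDL4 replaced the boot code and left the partition table alone, so the
    # table can look perfect while the first 446 bytes are the bootkit's loader.
    if hashlib.sha256(boot_code).hexdigest() != baseline_sha256:
        issues.append("boot-code-mismatch")
    for p in parts:
        if p.status not in (0x00, 0x80):
            issues.append(f"bad-status-p{p.index}")
        if p.lba_end > disk_sectors:
            issues.append(f"beyond-disk-p{p.index}")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_end:
            issues.append(f"overlap-p{a.index}-p{b.index}")
    if sum(p.status == 0x80 for p in parts) > 1:
        issues.append("multiple-active")
    if parts:
        gap = disk_sectors - max(p.lba_end for p in parts)
        if gap > TRAILING_GAP_SECTORS:
            # Unpartitioned tail of the disk: the area TDL4 used for its hidden file system.
            issues.append(f"trailing-gap:{gap}")
    return issues


def read_live_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Windows only, run as Administrator; raw device reads must be whole sectors."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


def build_mbr(boot_code: bytes, entries, signature=b"\x55\xAA") -> bytes:
    """Assemble a test MBR from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in entries).ljust(64, b"\0")
    return boot_code + table + signature


# Constructed samples: a ~37 GiB disk with one NTFS partition starting at sector 63.
# The "clean" boot code is a stand-in byte pattern, not real Windows boot code; in
# practice BASELINE is taken from a known-clean install of the same Windows build.
DISK_SECTORS = 78_165_360
CLEAN_BOOT_CODE = bytes((i * 7 + 3) & 0xFF for i in range(BOOT_CODE_LEN))
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, DISK_SECTORS - 63 - 1008)])

_tampered = bytearray(CLEAN_BOOT_CODE)
_tampered[:4] = b"\xEB\x3C\x90\x00"   # pretend a loader stub was written over the start
INFECTED_MBR = build_mbr(bytes(_tampered), [(0x80, 0x07, 63, DISK_SECTORS - 63 - 40_960)])

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, DISK_SECTORS, BASELINE) or "ok")
    print("infected:", check_mbr(INFECTED_MBR, DISK_SECTORS, BASELINE))
```

The two results that matter are boot-code-mismatch and the trailing gap. The hash comparison is the same idea as aswMBR's "MBR code has been modified" verdict, and it only works if the baseline really came from the same Windows build, because legitimate boot code differs between versions. A small gap after the last partition is normal alignment slack; a large one is worth dumping with the same raw read, offset to the last sectors, before deciding the disk is clean.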

#11
griruco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Looks promising, thank you.

RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 04/13/2011 13:20:32

Bad processes: 0

File attributes restored:
Desktop: Success 2558 / Fail 0
Quick launch: Success 7 / Fail 0
Programs: Success 277 / Fail 0
Start menu: Success 29 / Fail 0
User folder: Success 53 / Fail 0
My documents: Success 1827 / Fail 0
My favorites: Success 347 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 89907 / Fail 0

Finished : << RKreport[1].txt >>
RKreport[1].txt

OTL logfile created on: 4/13/2011 1:24:11 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 8.17 Gb Free Space | 21.92% Space Free | Partition Type: NTFS

Computer Name: HP10409150401 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/11/24 10:19:27 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/28 16:06:04 | 000,185,688 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/09/23 09:33:07 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:37:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:37:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:35:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/13 15:27:52 | 015,319,688 | ---- | M] () -- C:\Program Files\Wimba\Pronto\pronto.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/02/03 03:10:08 | 000,388,096 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7zFM.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/01/16 12:46:12 | 000,878,592 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/02/25 20:28:03 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2003/01/31 20:49:34 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/20 12:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/05/28 06:37:16 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/15 09:37:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/01/16 12:46:12 | 000,878,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/20 12:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 12:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 12:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 09:37:30 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:35:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/21 08:28:24 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/10 10:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/12/17 02:02:08 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 02:01:44 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/12/17 02:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/17 11:09:34 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/01/17 11:09:28 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/01/17 05:09:26 | 000,032,640 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/02/25 12:18:08 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 16:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 02:32:06 | 000,028,416 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/11 17:01:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mMouse] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [pronto] C:\Program Files\Wimba\Pronto\pronto.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range78 ([https] in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.expologi...intpro/smsx.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190813842812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190813915359 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hirerighteve...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun\command - "" = F:\Imageviewer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 13:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/04/13 12:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/11 14:54:22 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/04/11 14:39:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 14:24:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 12:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\AVG
[2011/04/08 10:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/08 09:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/08 09:37:14 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/07 14:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/04/07 08:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/06 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/05 21:53:31 | 000,963,976 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.exe
[2011/04/05 21:53:31 | 000,518,480 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamcore.dll
[2011/04/05 21:53:31 | 000,496,976 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\vbalsgrid6.ocx
[2011/04/05 21:53:31 | 000,443,728 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamgui.exe
[2011/04/05 21:53:31 | 000,363,344 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamservice.exe
[2011/04/05 21:53:31 | 000,331,088 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamnet.dll
[2011/04/05 21:53:31 | 000,202,576 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbam.dll
[2011/04/05 21:53:31 | 000,090,960 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamext.dll
[2011/04/05 21:53:31 | 000,046,416 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\ssubtmr6.dll
[2011/04/05 21:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Languages
[2011/04/05 16:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/05 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/04 12:10:19 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/04 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/04 03:15:17 | 000,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011/04/04 00:43:28 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/03 23:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/03 23:17:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/03 01:23:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/01 16:31:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 21:07:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/31 21:06:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/31 20:56:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/10/29 10:26:37 | 002,020,136 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/04/21 09:23:44 | 004,705,320 | ---- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2211Setup.exe
[2009/04/05 21:05:50 | 063,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/03/25 07:50:34 | 004,707,592 | ---- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2190Setup.exe
[2009/03/14 09:52:05 | 062,801,864 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_afwt_stf_en_8_237a1428.exe
[2009/03/13 19:32:22 | 000,361,464 | ---- | C] (Digital River, Inc.) -- C:\Program Files\Download_N360S200_now.exe
[2009/02/14 11:34:01 | 059,981,528 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe
[2009/01/12 20:41:29 | 007,771,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v2.5.exe
[2009/01/12 09:40:55 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2008/12/03 23:02:50 | 000,891,048 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_39_cnet.exe
[2008/11/12 07:07:04 | 002,698,976 | ---- | C] (Uniblue ) -- C:\Program Files\systemtweaker.exe
[2008/11/12 07:04:29 | 001,645,640 | ---- | C] (Uniblue Systems ) -- C:\Program Files\rb09_2_1_0_0.exe
[2008/11/09 08:30:33 | 001,677,920 | ---- | C] (Uniblue Systems ) -- C:\Program Files\registryboosterbnf2.exe
[2008/03/12 17:33:29 | 045,144,176 | ---- | C] (SleepEx Systems, Inc. ) -- C:\Program Files\SleepEx.2.3.build.2.3.0.17.Install.AllUsers.exe
[2007/10/24 22:51:01 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe

========== Files - Modified Within 30 Days ==========

[2011/04/13 13:10:10 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/04/13 13:08:01 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/13 13:07:25 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 13:07:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 13:07:16 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 12:59:32 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/04/13 12:56:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/11 17:06:14 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 17:01:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/11 14:42:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/04/08 10:43:21 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 09:37:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/08 09:24:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/05 20:06:28 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/05 15:42:04 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/04 15:49:58 | 000,010,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/04 15:49:58 | 000,009,621 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/04 15:49:02 | 000,709,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/04 00:43:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/04 00:01:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/03 23:16:46 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 22:10:38 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/02 01:16:24 | 000,000,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/04/01 09:57:38 | 073,617,605 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/03/31 22:46:21 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/03/28 03:09:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/23 23:52:17 | 000,528,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 23:52:17 | 000,104,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 20:09:31 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/04/13 13:10:52 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/04/13 13:01:33 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/04/11 14:44:27 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 09:37:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 13:02:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 21:53:31 | 000,709,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.exe
[2011/04/05 21:53:31 | 000,394,695 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mbam.chm
[2011/04/05 21:53:31 | 000,010,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.msg
[2011/04/05 21:53:31 | 000,009,621 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/05 21:53:31 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\changes.rtf
[2011/04/05 21:05:47 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/05 20:04:05 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/04 12:09:48 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/03 23:17:34 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 21:10:18 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 02:27:03 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/01 13:51:41 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\appprovcfg.exe
[2010/07/02 13:19:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/07/02 12:59:46 | 000,031,767 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/23 15:02:21 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/03/23 08:20:30 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/03/23 08:20:30 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/03/23 08:20:07 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/03/23 08:20:07 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/03/23 08:20:06 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/03/23 08:20:04 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/10/31 20:57:16 | 000,081,110 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/29 10:32:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/21 09:22:24 | 018,677,852 | ---- | C] () -- C:\Program Files\SONYNAVU_U44_1.1.CO.BIN
[2009/03/25 14:15:39 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 09:38:46 | 000,005,115 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/11 20:41:11 | 000,002,492 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
[2009/01/01 12:44:30 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 21:48:26 | 000,000,283 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/27 21:19:03 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/29 20:40:48 | 000,087,552 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/19 03:31:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/06 22:13:44 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/10/06 20:53:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007/09/26 23:32:02 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/09/26 23:32:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/26 23:31:37 | 000,000,888 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/09/26 23:31:37 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/09/26 23:31:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/09/26 23:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/09/26 23:30:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/09/26 23:26:15 | 000,001,155 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/09/26 21:31:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/26 21:04:22 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/10/30 21:44:25 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/30 21:42:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Reboot.exe
[2006/10/30 21:40:48 | 000,001,057 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/30 21:38:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2006/10/30 21:37:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/30 21:25:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/30 21:25:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/10/30 21:25:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/10/30 21:25:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/30 21:23:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/09/18 14:37:50 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/08/10 13:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 16:44:34 | 000,528,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 16:44:34 | 000,104,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 16:40:44 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 16:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 16:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/05 01:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\LoadDll.dll
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That looks pretty :D Ok, let's remove a few orphans with OTL - run MBAM after updating and then see how your computer performs and whether any problems are outstanding.

First, though, could you disable Spybot TeaTimer as it is stopping me from removing some old BHOs?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    [2011/04/11 14:54:22 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

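Added example, not part of this thread and not code from the OTL tool: a Python script that mechanizes the triage in the fix above, picking out the O2/O3/O16 entries OTL reports as "No CLSID value found." or "Reg Error" and drafting the matching :OTL block, while leaving entries such as an O4 "File not found" for a human decision. The sample log lines are constructed from the entries quoted in this thread; the function names and the marker lists are this example's own assumptions.

```python
"""Flag orphaned entries in an OTL log and draft the matching :OTL fix block.

Added example (not the forum helper's or OTL's code). It reproduces in code
the triage done by hand above: an O2/O3/O16 line whose target no longer
resolves is an orphan that can be listed under :OTL for removal; anything
else that OTL marks as missing is only reported for review.
"""
import re
from typing import List, Optional, Set

# Strings OTL prints when a registry entry points at something that no longer exists.
# Assumption of this example: these three are the markers worth acting on.
ORPHAN_MARKERS = ("No CLSID value found.", "Reg Error:", "File not found")

# Entry classes this example treats as safe to list automatically; other classes
# (O1 hosts, O4 Run keys, ...) carry an orphan marker but still need a human look.
CANDIDATE_PREFIXES = ("O2 - BHO:", "O3 - HKCU", "O3 - HKLM", "O16 - DPF:")

# {8-4-4-4-12} hex GUID/CLSID as OTL prints it (either case).
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample, built from entries that appear in this thread's OTL logs.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
    r"O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.",
    r"O4 - HKLM..\Run: [mMouse] File not found",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)",
]


def has_orphan_marker(line: str) -> bool:
    """True when OTL itself reports that the entry's target is missing."""
    return any(marker in line for marker in ORPHAN_MARKERS)


def is_orphan(line: str) -> bool:
    """An auto-removable orphan: a candidate entry class carrying an orphan marker."""
    line = line.strip()
    return line.startswith(CANDIDATE_PREFIXES) and has_orphan_marker(line)


def find_orphans(log_text: str) -> List[str]:
    """Return the orphaned O2/O3/O16 lines, in log order, ready to paste under :OTL."""
    return [ln.strip() for ln in log_text.splitlines() if is_orphan(ln)]


def needs_review(log_text: str) -> List[str]:
    """Lines that carry an orphan marker but fall outside the auto-candidate classes."""
    return [ln.strip() for ln in log_text.splitlines()
            if has_orphan_marker(ln) and not is_orphan(ln)]


def clsid_of(line: str) -> Optional[str]:
    """Extract the CLSID from an entry, normalised to upper case (OTL prints both cases)."""
    m = CLSID_RE.search(line)
    return m.group(0).upper() if m else None


def orphan_clsids(orphans: List[str]) -> Set[str]:
    """Distinct CLSIDs among the orphans; one CLSID often shows up in both O2 and O3."""
    return {c for c in map(clsid_of, orphans) if c is not None}


def build_otl_fix(orphans: List[str]) -> str:
    """Draft the fix text in OTL's own section syntax, as used in the post above."""
    body = "\n".join(orphans)
    return ":OTL\n" + body + "\n\n:Commands\n[CREATERESTOREPOINT]\n[Reboot]\n"


if __name__ == "__main__":
    log = "\n".join(SAMPLE_LOG_LINES)
    found = find_orphans(log)
    print(build_otl_fix(found))
    for line in needs_review(log):
        print("REVIEW BY HAND:", line)
```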

#13
griruco
    Member
  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I uninstalled Spybot, but a TeaTimer file still resides along with a driver. Any ideas on how to remove this? No threats after running MBAM. I ran a quick scan anyway and attached the txt file.
Thank you.

OTL logfile created on: 4/13/2011 4:34:06 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 8.08 Gb Free Space | 21.69% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

Computer Name: HP10409150401 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/09/28 16:06:04 | 000,185,688 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/13 15:27:52 | 015,319,688 | ---- | M] () -- C:\Program Files\Wimba\Pronto\pronto.exe
PRC - [2009/02/09 09:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/01/16 12:46:12 | 000,878,592 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/02/25 20:28:03 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/07/08 17:13:42 | 000,106,496 | ---- | M] (Sony Corporation.) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
PRC - [2003/11/21 22:02:42 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
PRC - [2003/01/31 20:49:34 | 000,098,304 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/09/20 12:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2002/05/28 06:37:16 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/28 15:30:20 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/10 23:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/10/26 15:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/01/16 12:46:12 | 000,878,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/09/20 12:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/20 12:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/20 12:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - [2010/07/15 09:35:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/21 08:28:24 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/10 10:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/12/17 02:02:08 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 02:01:44 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/12/17 02:01:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 02:00:14 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/26 15:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/01/17 11:09:34 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/01/17 11:09:28 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/01/17 05:09:26 | 000,032,640 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/02/25 12:18:08 | 000,170,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/02/05 16:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/04 02:32:06 | 000,028,416 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/13 15:04:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mMouse] File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [srmclean] C:\cpqs\scom\srmclean.exe ()
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [pronto] C:\Program Files\Wimba\Pronto\pronto.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe (Sony Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range78 ([https] in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.expologi...intpro/smsx.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190813842812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1190813915359 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://hirerighteve...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{53140a7a-b1a1-11dd-8e7e-000f206f6843}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell - "" = AutoRun
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83b9e81d-20f2-11dd-8e5f-000f206f6843}\Shell\AutoRun\command - "" = F:\Imageviewer.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 15:02:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/13 14:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/13 13:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/04/11 14:39:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 14:24:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 10:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/08 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/04/08 09:37:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/08 09:37:14 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/07 14:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/04/07 08:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/06 19:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/05 21:53:31 | 000,496,976 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\vbalsgrid6.ocx
[2011/04/05 21:53:31 | 000,363,344 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamservice.exe
[2011/04/05 21:53:31 | 000,331,088 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Administrator\Desktop\mbamnet.dll
[2011/04/05 21:53:31 | 000,046,416 | ---- | C] (vbAccelerator) -- C:\Documents and Settings\Administrator\Desktop\ssubtmr6.dll
[2011/04/05 21:53:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Languages
[2011/04/05 16:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/05 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/04 12:10:19 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/04 07:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/04 03:26:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/04 00:43:28 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/03 23:18:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/03 23:17:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/04/03 01:23:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/01 16:31:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/31 21:07:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/31 21:06:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/31 20:56:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/10/29 10:26:37 | 002,020,136 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/04/21 09:23:44 | 004,705,320 | ---- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2211Setup.exe
[2009/04/05 21:05:50 | 063,049,904 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_85_285a1462.exe
[2009/03/25 07:50:34 | 004,707,592 | ---- | C] (Macrovision Corporation) -- C:\Program Files\nav-u_tool2190Setup.exe
[2009/03/14 09:52:05 | 062,801,864 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_afwt_stf_en_8_237a1428.exe
[2009/03/13 19:32:22 | 000,361,464 | ---- | C] (Digital River, Inc.) -- C:\Program Files\Download_N360S200_now.exe
[2009/02/14 11:34:01 | 059,981,528 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_233a1415.exe
[2009/01/12 20:41:29 | 007,771,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v2.5.exe
[2009/01/12 09:40:55 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe
[2008/12/03 23:02:50 | 000,891,048 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_39_cnet.exe
[2008/11/12 07:07:04 | 002,698,976 | ---- | C] (Uniblue ) -- C:\Program Files\systemtweaker.exe
[2008/11/12 07:04:29 | 001,645,640 | ---- | C] (Uniblue Systems ) -- C:\Program Files\rb09_2_1_0_0.exe
[2008/11/09 08:30:33 | 001,677,920 | ---- | C] (Uniblue Systems ) -- C:\Program Files\registryboosterbnf2.exe
[2008/03/12 17:33:29 | 045,144,176 | ---- | C] (SleepEx Systems, Inc. ) -- C:\Program Files\SleepEx.2.3.build.2.3.0.17.Install.AllUsers.exe
[2007/10/24 22:51:01 | 023,405,072 | ---- | C] ( ) -- C:\Program Files\AdbeRdr811_en_US.exe

========== Files - Modified Within 30 Days ==========

[2011/04/13 16:32:10 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/13 16:31:34 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/04/13 16:31:27 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 16:31:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 16:31:18 | 1601,753,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 16:06:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 15:04:25 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/13 13:10:10 | 001,103,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/04/13 12:59:32 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/04/13 12:56:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/08 10:43:21 | 000,286,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/08 10:03:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 09:37:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/08 09:24:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup305.exe
[2011/04/05 15:42:04 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/04 00:43:33 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.50.1.1100.exe
[2011/04/04 00:01:50 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\gfix.exe
[2011/04/03 23:16:46 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 22:10:38 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/02 01:16:24 | 000,000,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/04/01 09:57:38 | 073,617,605 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/03/28 03:09:29 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/23 23:52:17 | 000,528,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 23:52:17 | 000,104,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 20:09:31 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/04/13 14:27:48 | 1601,753,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/13 13:10:52 | 001,103,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/04/13 13:01:33 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/04/08 09:37:27 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/04/07 13:02:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/05 21:53:31 | 000,009,621 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unins000.dat
[2011/04/05 21:53:31 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\changes.rtf
[2011/04/05 21:05:47 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.rar
[2011/04/05 20:04:05 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2011/04/04 12:09:48 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/04/03 23:17:34 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sdsetup_aff.exe
[2011/04/03 21:10:18 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/02 02:27:03 | 000,019,262 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\dcs020pnx6qb2cg757557o3g4oo7cl1yrtu055q0kf6f
[2011/04/01 13:51:41 | 000,147,968 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\appprovcfg.exe
[2010/07/02 13:19:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010/07/02 12:59:46 | 000,031,767 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2010/03/23 15:02:21 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/03/23 08:20:30 | 000,021,791 | -H-- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/03/23 08:20:30 | 000,001,037 | -H-- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/03/23 08:20:07 | 000,038,576 | -H-- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/03/23 08:20:07 | 000,010,225 | -H-- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/03/23 08:20:06 | 000,011,435 | -H-- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/03/23 08:20:04 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/10/31 20:57:16 | 000,081,110 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/29 10:32:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/21 09:22:24 | 018,677,852 | ---- | C] () -- C:\Program Files\SONYNAVU_U44_1.1.CO.BIN
[2009/03/25 14:15:39 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 09:38:46 | 000,005,115 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/03/11 20:41:11 | 000,002,492 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\ViewerApp.dat
[2009/01/01 12:44:30 | 000,000,090 | -H-- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 21:48:26 | 000,000,283 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/27 21:19:03 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/29 20:40:48 | 000,087,552 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/19 03:31:58 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/10/26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/10/26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/10/06 22:13:44 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/10/06 20:53:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007/09/26 23:32:02 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/09/26 23:32:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/26 23:31:37 | 000,000,888 | -H-- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/09/26 23:31:37 | 000,000,093 | -H-- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/09/26 23:31:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/09/26 23:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2007/09/26 23:30:52 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2007/09/26 23:26:15 | 000,001,155 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/09/26 21:31:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/26 21:04:22 | 000,000,047 | -H-- | C] () -- C:\WINDOWS\InoSetup.ini
[2006/10/30 21:44:25 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/30 21:42:03 | 000,036,864 | ---- | C] () -- C:\WINDOWS\Reboot.exe
[2006/10/30 21:40:48 | 000,001,057 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/30 21:38:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat
[2006/10/30 21:37:48 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/30 21:25:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/30 21:25:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/10/30 21:25:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/10/30 21:25:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/10/30 21:23:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/09/18 14:37:50 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/08/10 13:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 16:44:34 | 000,528,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 16:44:34 | 000,104,418 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 16:40:44 | 000,286,112 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 16:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 16:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/03/04 10:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/05 01:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\LoadDll.dll
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

========== LOP Check ==========

[2009/03/25 13:14:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/04/03 23:31:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DE80641BF679C83455FF22DFC888E9E5
[2009/03/22 20:57:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/03/07 14:25:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2009/03/14 02:38:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/03/02 22:19:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\HorizonWimba
[2009/10/31 20:58:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2008/01/06 16:43:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\OurPictures
[2008/01/21 12:28:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
[2007/09/27 11:38:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2009/03/25 14:07:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Star
[2009/10/31 20:54:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Snapfish
[2008/11/12 07:07:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\System Tweaker
[2008/11/09 08:31:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/04/13 14:30:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 11:33:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/03/23 07:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/12/26 14:12:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/04/13 14:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/03/22 20:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/03/25 12:25:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/01 11:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2010/07/02 12:59:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/01 12:54:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2011/04/04 00:36:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/22 21:01:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/11/12 07:05:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/03/13 21:50:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Attached Files: OTL4.Txt (77.74KB)

#14
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
That's OK, they went that time :D

What problems do you have now?

#15
griruco
Topic Starter, Member, 74 posts
I think that everything is working. If I come across anything, I will let you know after I use it a bit. Thank you very much for your time and expertise. It was truly amazing!
Best Wishes,
Gregg