Google redirect - TDSSKiller won't run

#1 JoeDownes
Member, 27 posts

Hi guys,

Two weeks ago I hit a virus infected site. A program ran and told me my hard disk was corrupted and I need to buy some stuff to fix it. It hid all the files on the 'corrupted drives'. I ran mbam antimalware and the computer was almost back to normal.

Now my laptop shows the following symptoms, which might be related to the attack:
- some Google search results are redirected, often to a site that shows a text box and asks me to verify my identity by typing in some code. The code never shows up, though. Sometimes I'm redirected to sites that are blocked by Firefox.
- One or two iexplore.exe processes keep reappearing in the task manager, while I never open Internet Explorer.
- A yellow triangle shows up from time to time in the tray. It shows no information when I hover above it and disappears when I click on it.
- The system browser gets reset to Internet Explorer when I restart.

I followed the routines on your site to remove the Google redirect stuff and got stuck when TDSSkiller wouldn't run. I also tried a few other directions I found on similar forums, but didn't succeed. After following some instructions, the iexplore symptom was gone for a few days and the yellow triangle seems to behave less nasty and doesn't reappear immediately.

Anyway it's my first infection, I tried some scanners and stuff and now I'm pretty much lost, so I decided to start a topic. Any help is appreciated.

Here's the OTM log:

OTL logfile created on: 6/11/2011 4:03:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\^HEINER\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 46.41% Memory free
2.98 Gb Paging File | 2.50 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.56 Gb Free Space | 5.78% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.83 Gb Free Space | 4.60% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\^HEINER\Downloads\OTL.exe
PRC - [2011/06/11 15:37:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
PRC - [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/18 18:09:00 | 000,421,888 | ---- | M] (Igor Pavlov) -- C:\Program Files\7-Zip\7zFM.exe
PRC - [2010/11/03 01:09:42 | 001,862,456 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2010/09/12 20:32:22 | 001,413,120 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files\FreeCommander\FreeCommander.exe
PRC - [2010/05/25 18:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\^HEINER\Downloads\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/18 11:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/04/28 17:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/02/25 19:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/22 16:49:12 | 000,027,232 | ---- | M] (ESI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\romio.sys -- (ROMIO) Service for RoMI/O Driver(WDM)
DRV - [2010/01/13 14:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/03/24 13:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/02/28 10:36:50 | 000,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0C C8 58 C6 1E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 10:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 02:48:47 | 000,000,000 | ---D | M]

[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions
[2011/02/12 11:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/02/10 16:56:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/03/16 21:58:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/17 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/16 21:58:14 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\[email protected]
[2011/05/17 10:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\staged(2)
[2011/05/17 14:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/05/19 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 02:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/19 14:40:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/30 10:36:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 15:38:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/21 00:55:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\AutoRun\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Explore\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Open\command - "" = G:\tanja/todorovic.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 15:59:27 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 15:46:37 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/11 15:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/06/11 15:44:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/11 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/06/11 03:34:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/06/06 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/06/06 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2011/06/03 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/06/01 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\vundo antimal
[2011/05/31 10:35:25 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/30 13:44:46 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/05/30 13:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojancheck 6
[2011/05/30 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/05/30 02:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/05/30 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/05/21 23:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\PAP40
[2011/05/21 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/05/21 12:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2011/05/19 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2011/05/17 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CreaToon 3.0
[2011/05/17 14:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ANDROME NV
[2011/05/17 13:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/17 12:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/14 21:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Octoshape Streaming Services
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 15:43:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:40:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 15:38:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/11 15:37:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 14:45:31 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:27:24 | 000,002,144 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/06/10 16:41:28 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 20:26:07 | 000,076,240 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 16:44:19 | 000,004,192 | ---- | M] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/06/06 18:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:52:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/04 10:49:05 | 000,208,896 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/03 13:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 10:00:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 13:44:46 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:12 | 000,002,490 | ---- | M] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:06 | 000,001,022 | ---- | M] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:01 | 000,000,608 | ---- | M] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:36 | 000,004,178 | ---- | M] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/18 13:11:40 | 000,007,280 | ---- | M] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 13:05:05 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/05/17 13:02:39 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 14:45:30 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:34:05 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
[2011/06/09 20:26:07 | 000,076,240 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 16:44:18 | 000,004,192 | ---- | C] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/05/31 10:00:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:00:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 13:44:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:09 | 000,002,490 | ---- | C] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 02:41:58 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:05 | 000,001,022 | ---- | C] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:00 | 000,000,608 | ---- | C] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:33 | 000,004,178 | ---- | C] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/17 22:41:33 | 000,007,280 | ---- | C] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 21:56:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 13:02:39 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[2011/05/17 13:02:17 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/04/20 16:13:09 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/17 19:38:32 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 03:39:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/02/14 08:04:56 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2011/01/29 20:25:24 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2011/01/24 19:35:30 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/01/24 19:35:28 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/02 07:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\privatedata.dll
[2011/01/02 02:24:43 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2010/12/19 13:47:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/30 02:39:17 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/11/27 23:27:59 | 010,280,046 | ---- | C] () -- C:\Program Files\JAP.jar
[2010/11/21 04:51:07 | 000,002,144 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2010/11/21 01:20:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/21 01:03:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 00:58:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 00:57:18 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2010/11/21 00:57:14 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2010/11/21 00:52:00 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/21 00:37:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/21 00:33:45 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 17:54:24 | 001,743,872 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2006/01/13 04:05:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/13 04:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 04:01:02 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/13 03:59:43 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/13 03:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/13 03:54:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2006/01/13 03:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 03:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 03:50:12 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/13 03:44:46 | 000,080,003 | -H-- | C] () -- C:\WINDOWS\System32\GSpot25.dat
[2006/01/13 03:44:08 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/13 03:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/13 03:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 03:39:44 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/13 03:39:43 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/13 03:39:41 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/13 03:39:41 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/13 03:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 03:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/13 03:35:46 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/01/13 03:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/13 03:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2006/01/13 03:30:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/13 03:23:56 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/13 03:15:59 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/13 03:15:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/01/13 03:14:52 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

========== LOP Check ==========

[2011/02/14 16:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ableton
[2011/06/05 13:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2011/04/30 20:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2011/03/06 21:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Belastingdienst
[2011/03/17 01:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2011/02/12 02:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDisplayEx
[2011/02/15 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Daichi
[2011/03/25 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FLV Extract
[2011/06/10 16:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2011/06/03 11:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/06/06 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2011/02/15 14:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HybridReverb2
[2011/02/10 17:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
[2011/02/11 15:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\inkscape
[2011/02/15 14:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iZotope
[2011/05/14 21:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2011/06/11 13:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SumatraPDF
[2011/05/21 15:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/02/24 01:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Voxengo
[2011/04/22 14:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yamb
[2010/12/31 15:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/01/09 14:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2011/01/21 23:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar and Bass
[2010/11/21 03:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2010/12/02 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/02 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/01/07 17:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Topten Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfSvc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfHost.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextres.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpshell.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpmde.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmploc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpencen.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmerror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msdelta.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\l3codecp.acm:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\vrtaucbl.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\asferror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Program Files\Windows Media Player\WMPNetwk.exe:AFP_AfpInfo

< End of report >
#2
Render (Trusted Helper, Malware Removal)
Hi, JoeDownes! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please follow the steps below:

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Step 3

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users.
  • Under the Extra Registry section, check Use SafeList.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box, copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • contents of the RKreport.txt
  • aswMBR log
  • OTL scan log
  • Extras log

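
Helpers read the OTL log requested in Step 3 by scanning its numbered O-lines for orphaned autorun references, drive autorun handlers that point at removable media, a replaced Winlogon shell and unexpected DNS servers. The Python script below is an added example of that triage, not part of OTL, RogueKiller or this thread; the sample entries are copied from the OTL log posted later in this thread, and the set of fixed drives and the flagged patterns are assumptions chosen for illustration.

```python
"""Triage of the numbered "O-lines" in an OTL scan log.

Added example, not part of OTL, RogueKiller or this thread. It flags the
entries a helper checks first: orphaned autorun references, drive autorun
handlers that point at removable media, a Winlogon shell other than
explorer.exe, and DNS servers outside private ranges.
"""
import ipaddress
import re

# Shape of an entry: "O4 - HKU\S-1-5-19..\Run: [msnsc] File not found"
ENTRY_RE = re.compile(r"^(O\d+)\s*-\s*(.*)$")
# Drive letter of the command an O33 entry launches (text after the "=").
DRIVE_RE = re.compile(r'=\s*"?([A-Za-z]):[\\/]')
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Fixed disks from the log header; anything else is treated as removable (assumption).
SYSTEM_DRIVES = {"C", "D"}


def _is_public(addr):
    """True for a syntactically valid address outside private/loopback ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback)


def triage_line(line):
    """Return (severity, reason) for one O-line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)

    # Orphaned references: the registry still names something that no longer exists.
    if "File not found" in body or "No CLSID value found" in body:
        return ("info", f"{code}: orphaned reference, candidate for cleanup")

    # Drive autorun handlers that run an executable from a non-system drive
    # (the classic pattern left behind by USB-spreading malware).
    if code == "O33" and "MountPoints2" in body:
        d = DRIVE_RE.search(body)
        if d and d.group(1).upper() not in SYSTEM_DRIVES:
            return ("high", f"O33: autorun handler launches a file on drive {d.group(1).upper()}:")

    # The shell Winlogon starts must be explorer.exe on a stock installation.
    if code == "O20" and "Winlogon: Shell" in body:
        if not re.search(r"\\explorer\.exe\b", body, re.IGNORECASE):
            return ("high", "O20: Winlogon shell is not explorer.exe")

    # DNS servers: public addresses are normal for an ISP but worth confirming,
    # since DNS hijacking is one cause of search-result redirects.
    if code == "O17" and "NameServer" in body:
        public = [s for s in IPV4_RE.findall(body) if _is_public(s)]
        if public:
            return ("info", f"O17: non-private DNS servers {' '.join(public)}, confirm they are the ISP's")
    return None


def triage_log(text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    results = []
    for raw in text.splitlines():
        verdict = triage_line(raw)
        if verdict:
            results.append((verdict[0], verdict[1], raw.strip()))
    return results


# Entries copied from the OTL log posted in this thread (O4, O17, O20, O33).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKU\S-1-5-19..\Run: [msnsc] File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\AutoRun\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Open\command - "" = G:\tanja/todorovic.exe
"""

if __name__ == "__main__":
    for severity, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{severity:4}] {reason}\n       {line}")
```

Entries it does not flag (the MacDrive Run key, the stock explorer.exe shell) are left for the helper's own judgement; the script narrows the list, it does not replace a review.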

#3
JoeDownes (Topic Starter, Member)
Thank you for the fast reply.

RogueKiller:

RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date : 06/11/2011 16:46:34

Bad processes: 1
[SUSP PATH] notepad.exe -- c:\windows\notepad.exe -> KILLED

Registry Entries: 2
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
ÿ₫1

Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-11 16:47:20
-----------------------------
16:47:20.869 OS Version: Windows 5.1.2600 Service Pack 3
16:47:20.869 Number of processors: 1 586 0xD06
16:47:20.869 ComputerName: AE8A865F7EC440A UserName: Administrator
16:47:21.450 Initialize success
16:47:23.172 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:47:23.172 Disk 0 Vendor: IC25N030ATMR04-0 MOAOAD0A Size: 28615MB BusType: 3
16:47:25.195 Disk 0 MBR read successfully
16:47:25.195 Disk 0 MBR scan
16:47:25.205 Disk 0 Windows XP default MBR code
16:47:27.208 Disk 0 scanning sectors +58589055
16:47:27.238 Disk 0 scanning C:\WINDOWS\system32\drivers
16:47:34.629 Service scanning
16:47:35.911 Disk 0 trace - called modules:
16:47:35.931 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8967c1ed]<<
16:47:35.941 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8974fab8]
16:47:35.941 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89787d98]
16:47:35.941 \Driver\atapi[0x896cdaa8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8967c1ed
16:47:35.951 Scan finished successfully
16:47:56.771 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:47:56.771 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

OTL logfile created on: 6/11/2011 4:54:59 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 70.47% Memory free
2.98 Gb Paging File | 2.79 Gb Available in Paging File | 93.47% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.55 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.85 Gb Free Space | 4.68% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/05/25 18:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/18 11:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/04/28 17:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/02/25 19:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/22 16:49:12 | 000,027,232 | ---- | M] (ESI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\romio.sys -- (ROMIO) Service for RoMI/O Driver(WDM)
DRV - [2010/01/13 14:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/03/24 13:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/02/28 10:36:50 | 000,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1
IE - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0C C8 58 C6 1E CC 01 [binary data]
IE - HKU\S-1-5-21-790525478-1682526488-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 10:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 02:48:47 | 000,000,000 | ---D | M]

[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions
[2011/02/12 11:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/02/10 16:56:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/03/16 21:58:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/17 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/16 21:58:14 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\[email protected]
[2011/05/17 10:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\staged(2)
[2011/05/17 14:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/05/19 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 02:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/19 14:40:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/30 10:36:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 15:38:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKU\S-1-5-19..\Run: [msnsc] File not found
O4 - HKU\S-1-5-20..\Run: [msnsc] File not found
O4 - HKU\S-1-5-21-790525478-1682526488-1343024091-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\bladieblub\Start Menu\Programs\Startup\Shortcut to FreeCommander.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\bladieblub\Start Menu\Programs\Startup\Shortcut to taskmgr.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/21 00:55:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\AutoRun\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Explore\command - "" = G:\tanja/todorovic.exe
O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Open\command - "" = G:\tanja/todorovic.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 16:48:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 16:46:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/06/11 15:59:27 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 15:46:37 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/11 15:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/06/11 15:44:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/11 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/06/11 03:34:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/06/06 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/06/06 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2011/06/03 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/06/01 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\vundo antimal
[2011/05/31 10:35:25 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/30 13:44:46 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/05/30 13:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojancheck 6
[2011/05/30 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/05/30 02:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/05/30 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/05/22 12:13:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/21 23:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\PAP40
[2011/05/21 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/05/21 12:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2011/05/19 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/19 14:40:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/17 20:45:33 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/05/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2011/05/17 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CreaToon 3.0
[2011/05/17 14:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ANDROME NV
[2011/05/17 14:39:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/05/17 13:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/17 12:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/14 21:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Octoshape Streaming Services
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 16:47:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:46:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:45:06 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 15:43:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:40:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 15:38:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/11 15:37:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 14:45:31 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:27:24 | 000,002,144 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/06/11 03:36:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 16:41:28 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 20:26:07 | 000,076,240 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 16:44:19 | 000,004,192 | ---- | M] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/06/06 18:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:52:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/04 10:49:05 | 000,208,896 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/03 13:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 10:00:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 13:44:46 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:12 | 000,002,490 | ---- | M] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:06 | 000,001,022 | ---- | M] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:01 | 000,000,608 | ---- | M] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:36 | 000,004,178 | ---- | M] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/18 13:11:40 | 000,007,280 | ---- | M] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 13:05:05 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/05/17 13:02:39 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 16:47:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:45:11 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 14:45:30 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:34:05 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
[2011/06/09 20:26:07 | 000,076,240 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 16:44:18 | 000,004,192 | ---- | C] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/05/31 10:00:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:00:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 13:44:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:09 | 000,002,490 | ---- | C] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 02:41:58 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:05 | 000,001,022 | ---- | C] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:00 | 000,000,608 | ---- | C] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:33 | 000,004,178 | ---- | C] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/17 22:41:33 | 000,007,280 | ---- | C] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 21:56:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 13:02:39 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[2011/05/17 13:02:17 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/04/20 16:13:09 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/17 19:38:32 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 03:39:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/02/14 08:04:56 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2011/01/29 20:25:24 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2011/01/24 19:35:30 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/01/24 19:35:28 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/02 07:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\privatedata.dll
[2011/01/02 02:24:43 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2010/12/19 13:47:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/30 02:39:17 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/11/27 23:27:59 | 010,280,046 | ---- | C] () -- C:\Program Files\JAP.jar
[2010/11/21 04:51:07 | 000,002,144 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2010/11/21 01:20:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/21 01:03:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 00:58:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 00:57:18 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2010/11/21 00:57:14 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2010/11/21 00:52:00 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/21 00:37:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/21 00:33:45 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 17:54:24 | 001,743,872 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2006/01/13 04:05:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/13 04:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 04:01:02 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/13 03:59:43 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/13 03:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/13 03:54:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2006/01/13 03:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 03:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 03:50:12 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/13 03:44:46 | 000,080,003 | -H-- | C] () -- C:\WINDOWS\System32\GSpot25.dat
[2006/01/13 03:44:08 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/13 03:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/13 03:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 03:39:44 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/13 03:39:43 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/13 03:39:41 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/13 03:39:41 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/13 03:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 03:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/13 03:35:46 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/01/13 03:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/13 03:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2006/01/13 03:30:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/13 03:23:56 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/13 03:15:59 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/13 03:15:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/01/13 03:14:52 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

========== LOP Check ==========

[2011/02/14 16:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ableton
[2011/06/05 13:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2011/04/30 20:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\avidemux
[2011/03/06 21:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Belastingdienst
[2011/03/17 01:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broad Intelligence
[2011/02/12 02:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CDisplayEx
[2011/02/15 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Daichi
[2011/03/25 16:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FLV Extract
[2011/06/10 16:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\foobar2000
[2011/06/03 11:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/06/06 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HandBrake
[2011/02/15 14:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HybridReverb2
[2011/02/10 17:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
[2011/02/11 15:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\inkscape
[2011/02/15 14:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iZotope
[2011/05/14 21:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2011/06/11 13:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SumatraPDF
[2011/05/21 15:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/02/24 01:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Voxengo
[2011/04/22 14:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yamb
[2010/12/31 15:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/01/09 14:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Audio Damage
[2011/01/21 23:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar and Bass
[2010/11/21 03:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2010/12/02 19:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/02 15:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/01/07 17:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Topten Software
[2010/12/31 15:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\Ableton
[2011/01/24 21:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\ACAMPREF
[2011/02/09 15:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\Audacity
[2011/02/08 19:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\AudioTuner
[2010/11/25 04:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/12/19 13:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\CDisplayEx
[2011/01/02 16:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\Daichi
[2010/11/30 02:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\DonationCoder
[2011/01/17 15:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\foobar2000
[2010/12/31 20:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\gpdf2swf
[2011/02/05 16:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\gtk-2.0
[2011/01/15 02:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\HandBrake
[2011/01/07 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\HybridReverb2
[2011/01/23 03:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\InfraRecorder
[2010/11/21 12:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\inkscape
[2010/12/31 20:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\iZotope
[2010/12/02 19:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\NCH Swift Sound
[2011/01/30 22:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\PStill
[2011/01/02 07:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\Sonalksis
[2011/02/06 21:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\StreamTorrent
[2010/11/23 13:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\SumatraPDF
[2011/01/07 17:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\Topten Software
[2011/02/10 02:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bladieblub\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/01/13 03:46:46 | 001,075,200 | -H-- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/01/13 03:38:02 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/01/13 03:23:18 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/01/13 04:01:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfSvc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfHost.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextres.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpshell.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpmde.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmploc.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpencen.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmerror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msdelta.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\l3codecp.acm:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\vrtaucbl.sys:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\asferror.dll:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Program Files\Windows Media Player\WMPNetwk.exe:AFP_AfpInfo

< End of report >


OTL Extras logfile created on: 6/11/2011 4:54:59 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 70.47% Memory free
2.98 Gb Paging File | 2.79 Gb Available in Paging File | 93.47% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.55 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.85 Gb Free Space | 4.68% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"D:\TEMP\adchppd.exe" = D:\TEMP\adchppd.exe:*:Enabled:ADCH++
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{6774184C-2DB4-4B88-BDBE-4A8535F1693D}" = MacDrive 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EBB34E3-C29E-49A8-A95F-C61F3108D37F}_is1" = HybridReverb2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2551-8692-3609-2406" = Impro-Visor 4.12
"7-Zip" = 7-Zip 9.20
"AcquaVox" = acustica AcquaVox
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"CreaToon 3.0" = CreaToon 3.0
"Defraggler" = Defraggler
"DjVuLibre+DjView" = DjVuLibre+DjView
"ERUNT_is1" = ERUNT 1.1j
"ESI - Romio MIDI Driver Setup" = ESI - Romio MIDI Driver
"ffdshow_is1" = ffdshow v1.1.3814 [2011-04-11]
"foobar2000" = foobar2000 v1.1.1
"FreeCommander_is1" = FreeCommander 2009.02b
"Frohmage VST2" = OhmForce Frohmage VST2
"GimpLqRPlugIn" = GIMP LqR Plug-In
"G'MIC for GIMP_is1" = G'MIC for GIMP version 1.4.9.3
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GPStill" = PStill PostScript to PDF Converter (remove only)
"HandBrake" = HandBrake 0.9.5
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.0
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"Kjaerhus Audio Spectra v1.10 VSTi" = Kjaerhus Audio Spectra v1.10 VSTi
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Live 8.2.1" = Live 8.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 2011-RC3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.7.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiFreekJunior" = MultiFreek Junior - Multichannel spectrum analyzer
"Ohmygod VST2" = OhmForce Ohmygod VST2
"OpenLibraries" = OpenLibraries
"PROSet" = Intel® PRO Network Connections Drivers
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"PSP VintageWarmer2 2.3.1 32bit" = PSP VintageWarmer2 2.3.1 32bit
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"shortcircuit" = shortcircuit
"SopCast" = SopCast 3.2.9
"ST6UNST #1" = Tabwin43
"StreamTorrent 1.0" = StreamTorrent 1.0
"SumatraPDF" = SumatraPDF
"Symptohm PE VST2" = Ohm Force - Symptohm PE VST2
"TEFView_is1" = TEFView 2.69
"Trojancheck_is1" = Trojancheck 6
"TVUPlayer" = TVUPlayer 2.5.3.1
"UFRaw_is1" = UFRaw 0.18
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Virtual Audio Cable 4.01" = Virtual Audio Cable 4.01
"virtualcreations 3LiT3 r3DuC3R >>1.2_is1" = virtualcreations 3LiT3 r3DuC3R >>1.2
"virtualcreations UltraPhazer_is1" = virtualcreations UltraPhazer 1.2
"VLC media player" = VLC media player 1.1.10
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YAMB" = YAMB
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1682526488-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 8:08:53 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:09:07 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:09:24 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 8:24:16 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/16/2010 11:48:31 AM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 12/17/2010 1:57:05 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application openvpnas.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x00038a0b.

Error - 1/6/2011 12:13:50 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application midilfo.exe, version 0.0.0.0, faulting module
midilfo.exe, version 0.0.0.0, fault address 0x0000c536.

Error - 1/6/2011 12:14:02 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application midilfo.exe, version 0.0.0.0, faulting module
midilfo.exe, version 0.0.0.0, fault address 0x0000c536.

Error - 1/14/2011 8:35:38 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application live 8.2.1.exe, version 1.0.0.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000666c6.

Error - 1/22/2011 9:46:27 PM | Computer Name = AE8A865F7EC440A | Source = Application Error | ID = 1000
Description = Faulting application infrarecorder.exe, version 0.51.0.0, faulting
module , version 0.51.0.0, fault address 0x000a99cf.

[ System Events ]
Error - 6/9/2011 8:09:36 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:09:36 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:14:36 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:14:36 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:39:49 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:44:52 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:44:52 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 8:54:57 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 9:35:46 AM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 6/9/2011 5:51:15 PM | Computer Name = AE8A865F7EC440A | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >
  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • There should be a file called MBR.dat on your desktop.
  • Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
  • A new compressed file is created.
  • Please attach that file in your next reply.

How to add an attachment to a new topic or reply
  • 0

#5
JoeDownes

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thanks. Here it comes.

Attached File: MBR.zip (580 bytes, 98 downloads)
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please follow these steps:

Step 1

We need to run an OTL Fix

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\AutoRun\command - "" = G:\tanja/todorovic.exe
    O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Explore\command - "" = G:\tanja/todorovic.exe
    O33 - MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\Shell\Open\command - "" = G:\tanja/todorovic.exe
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFx.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfSvc.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WudfHost.exe:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextres.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpsrcwp.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpshell.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpps.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpmde.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmploc.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpencen.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmpasf.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmerror.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\WMADMOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\msdelta.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\l3codecp.acm:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfRd.sys:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\WudfPf.sys:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\drivers\vrtaucbl.sys:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\WINDOWS\System32\asferror.dll:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Program Files\Windows Media Player\WMPNetwk.exe:AFP_AfpInfo

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Now try to run TDSSKiller once again:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

OTL Custom Scan

  • Double-click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • TDK log
  • OTL scan log

  • 0

#7
JoeDownes

JoeDownes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I followed the instructions in step 1 and TDSSKiller still won't open. What now?

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ not found.
File G:\tanja/todorovic.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ not found.
File G:\tanja/todorovic.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{945f1fd2-44ff-11e0-87e8-000f1fcf6c31}\ not found.
File G:\tanja/todorovic.exe not found.
ADS C:\WINDOWS\System32\WUDFx.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WudfSvc.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WudfPlatform.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WudfHost.exe:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WUDFCoinstaller.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdsp.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WPDShServiceObj.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdshextres.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdshextautoplay.exe:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WpdShext.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdmtpus.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdmtp.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpdconns.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wpd_ci.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVXENCD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVSENCD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVSDECD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVENCOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmvdmoe2.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmvdmod.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVDECOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVADVE.DLL:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMVADVD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMSPDMOE.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmsdmoe2.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmsdmod.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpsrcwp.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpshell.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpps.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpmde.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmploc.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpencen.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmpasf.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmidx.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmerror.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmdrmsdk.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmdrmnet.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmdrmdev.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmdmps.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wmdmlog.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMADMOE.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\WMADMOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wdfmgr.exe:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\wdfapi.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\uwdf.exe:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\qasf.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceWMDRM.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceTypes.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceClassExtension.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\PortableDeviceApi.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\mswmdm.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\mspmsp.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\mspmsnsv.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\msnetobj.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\msdelta.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MPG4DMOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MPG4DECD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MP4SDMOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MP43DMOD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MP43DECD.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\MFPLAT.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\LAPRXY.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\l3codecp.acm:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drmv2clt.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drmupgds.exe:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drivers\WudfRd.sys:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drivers\WudfPf.sys:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drivers\wpdusb.sys:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\drivers\vrtaucbl.sys:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\cewmdm.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\asferror.dll:AFP_AfpInfo deleted successfully.
ADS C:\Program Files\Windows Media Player\WMPNetwk.exe:AFP_AfpInfo deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1406363 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65180599 bytes
->Flash cache emptied: 846 bytes

User: All Users

User: bladieblub
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Yamb

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 83456 bytes
Session Manager Tmp folder emptied: 116224 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: bladieblub
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Yamb

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_192742

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5O0D48R0\search[2].htm moved successfully.
File\Folder D:\TEMP\~DF51C2.tmp not found!
File\Folder D:\TEMP\~DF51C9.tmp not found!
File\Folder D:\TEMP\~DF5204.tmp not found!
File\Folder D:\TEMP\~DF520B.tmp not found!
File\Folder D:\TEMP\~DF5237.tmp not found!
File\Folder D:\TEMP\~DF523E.tmp not found!
File\Folder D:\TEMP\~DF3961.tmp not found!
File\Folder D:\TEMP\~DF4651.tmp not found!

Registry entries deleted on Reboot...

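The fix log above deletes a run of AFP_AfpInfo alternate data streams, and the OTL scan posted later in the thread ends with MD5 checks of explorer.exe, svchost.exe, userinit.exe, volsnap.sys and winlogon.exe against the copies under ServicePackFiles. Two points a helper reading such logs checks by hand: the AFP_AfpInfo and AFP_Resource streams hold Mac Finder metadata and resource forks, written by Mac-side tooling such as the MacDrive that is installed on this machine, so on their own they are housekeeping rather than a sign of infection; and a live system file whose hash differs from the service-pack copy, or whose hash the tool cannot read at all, is the item to chase rather than skip over. The Python script below, added here as an illustration and not part of the original thread or of OTL itself, automates that triage over constructed sample lines written in OTL's format. The svchost.exe and volsnap.sys lines mirror the thread; the odd_stream entry, the atapi.sys block and its two hash values are invented for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's own line format. The AFP_AfpInfo, svchost.exe and
# volsnap.sys lines mirror the thread; odd_stream, the atapi.sys block and its
# hash values are invented so that every triage branch is exercised.
SAMPLE_LOG = r"""
ADS C:\WINDOWS\System32\drivers\vrtaucbl.sys:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\blackbox.dll:AFP_AfpInfo deleted successfully.
ADS C:\WINDOWS\System32\calc.exe:odd_stream deleted successfully.
< MD5 for: SVCHOST.EXE >
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: VOLSNAP.SYS >
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2006/01/13 03:57:32 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 20:40:29 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:29 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\drivers\atapi.sys
"""

# "ADS <path>:<stream> deleted successfully." -- the stream name never contains ':' or '\'
ADS_RE = re.compile(r"^ADS (?P<path>.+?):(?P<stream>[^:\\]+) deleted successfully\.$")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_ENTRY_RE = re.compile(
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<unread>Unable to obtain MD5)) -- (?P<path>.+)$"
)

# Streams Mac tooling writes to carry Finder info and resource forks; MacDrive is
# installed on the machine in the thread, so these are expected there, not malicious.
MAC_METADATA_STREAMS = {"AFP_AfpInfo", "AFP_Resource"}
REFERENCE_DIR = "\\servicepackfiles\\"            # known-good copies laid down by the service pack
IGNORED_DIRS = ("\\$ntservicepackuninstall$\\",)  # pre-service-pack copies, expected to differ


def parse_otl(text):
    """Split OTL text into ADS records and MD5 groups keyed by lower-cased file name."""
    ads, md5_groups, current = [], defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = ADS_RE.match(line)
        if m:
            ads.append((m["path"], m["stream"]))
            continue
        m = MD5_HEADER_RE.match(line)
        if m:
            current = m["name"].lower()
            continue
        m = MD5_ENTRY_RE.search(line) if current else None
        if m:
            md5_groups[current].append((m["path"], m["md5"]))  # md5 is None when unreadable
    return ads, dict(md5_groups)


def triage_ads(ads):
    """Return (benign_count, findings): Mac metadata streams are benign, anything else is flagged."""
    benign, findings = 0, []
    for path, stream in ads:
        if stream in MAC_METADATA_STREAMS:
            benign += 1
        else:
            findings.append(f"unexpected stream {stream} on {path}: inspect its contents before trusting the file")
    return benign, findings


def triage_md5(md5_groups):
    """Compare each live copy with the service-pack reference hash; flag mismatches and unreadable files."""
    findings = []
    for name, entries in md5_groups.items():
        reference = {h for p, h in entries if REFERENCE_DIR in p.lower() and h}
        for path, digest in entries:
            low = path.lower()
            if REFERENCE_DIR in low or any(d in low for d in IGNORED_DIRS):
                continue  # reference or pre-SP copy, not the live file
            if digest is None:
                findings.append(f"{name}: hash of {path} could not be read; verify it from a clean boot environment")
            elif reference and digest not in reference:
                findings.append(f"{name}: {path} hash {digest} differs from service-pack copy {sorted(reference)[0]}")
    return findings


def triage(text):
    """Run both checks over an OTL log and return the findings as a dict."""
    ads, md5_groups = parse_otl(text)
    benign, ads_findings = triage_ads(ads)
    return {"benign_mac_streams": benign, "ads": ads_findings, "md5": triage_md5(md5_groups)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

Run against the constructed sample it reports two benign Mac streams, one unexpected stream, one unreadable driver hash and one hash mismatch, leaving svchost.exe clean. The $NtServicePackUninstall$ copies are skipped on purpose: they are the pre-SP3 binaries and always differ from the live file, so comparing against them would only produce noise.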
#8
Render (Trusted Helper, Malware Removal, 4,195 posts)
Please proceed with step 3 from my previous reply.

#9
JoeDownes (Topic Starter, Member, 27 posts)
Thanks. That's what I guessed. Here it is:

OTL logfile created on: 6/11/2011 7:51:56 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 74.14% Memory free
2.98 Gb Paging File | 2.83 Gb Available in Paging File | 94.84% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.49 Gb Free Space | 5.01% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.85 Gb Free Space | 4.68% Space Free | Partition Type: NTFS

Computer Name: AE8A865F7EC440A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/05/25 18:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/18 11:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/04/28 17:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/02/25 19:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/22 16:49:12 | 000,027,232 | ---- | M] (ESI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\romio.sys -- (ROMIO) Service for RoMI/O Driver(WDM)
DRV - [2010/01/13 14:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/03/24 13:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/02/28 10:36:50 | 000,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0C C8 58 C6 1E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 10:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 02:48:47 | 000,000,000 | ---D | M]

[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions
[2011/02/12 11:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/02/10 16:56:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/03/16 21:58:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/17 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/16 21:58:14 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\[email protected]
[2011/05/17 10:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\staged(2)
[2011/05/17 14:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/05/19 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 02:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/19 14:40:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/30 10:36:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 19:27:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/21 00:55:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 19:27:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 16:48:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 16:46:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/06/11 15:59:27 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 15:46:37 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/11 15:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/06/11 15:44:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/11 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/06/11 03:34:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/06/06 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/06/06 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2011/06/03 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/06/01 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\vundo antimal
[2011/05/31 10:35:25 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/30 13:44:46 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/05/30 13:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojancheck 6
[2011/05/30 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/05/30 02:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/05/30 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/05/22 12:13:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/21 23:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\PAP40
[2011/05/21 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/05/21 12:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2011/05/19 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/19 14:40:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/17 20:45:33 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/05/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2011/05/17 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CreaToon 3.0
[2011/05/17 14:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ANDROME NV
[2011/05/17 14:39:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/05/17 13:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/17 12:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/14 21:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Octoshape Streaming Services
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 19:35:15 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/11 19:29:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 19:29:29 | 000,208,896 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/11 19:27:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/11 19:19:58 | 000,002,140 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/06/11 18:20:28 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2011/06/11 16:47:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:46:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:45:06 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 15:43:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:37:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 14:45:31 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 03:36:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 16:41:28 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 20:26:07 | 000,076,240 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 16:44:19 | 000,004,192 | ---- | M] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/06/06 18:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:52:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/03 13:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 10:00:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 13:44:46 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:12 | 000,002,490 | ---- | M] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:06 | 000,001,022 | ---- | M] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:01 | 000,000,608 | ---- | M] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:36 | 000,004,178 | ---- | M] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/18 13:11:40 | 000,007,280 | ---- | M] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 13:05:05 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/05/17 13:02:39 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 19:35:49 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/11 18:20:28 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2011/06/11 16:47:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:45:11 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 14:45:30 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:34:05 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
[2011/06/09 20:26:07 | 000,076,240 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 16:44:18 | 000,004,192 | ---- | C] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/05/31 10:00:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:00:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 13:44:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:09 | 000,002,490 | ---- | C] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 02:41:58 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:05 | 000,001,022 | ---- | C] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:00 | 000,000,608 | ---- | C] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:33 | 000,004,178 | ---- | C] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/17 22:41:33 | 000,007,280 | ---- | C] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 21:56:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/17 13:02:39 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[2011/05/17 13:02:17 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/04/20 16:13:09 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/17 19:38:32 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 03:39:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/02/14 08:04:56 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2011/01/29 20:25:24 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2011/01/24 19:35:30 | 000,000,724 | ---- | C] () -- C:\WINDOWS\wacam.ini
[2011/01/24 19:35:28 | 000,169,720 | ---- | C] () -- C:\WINDOWS\System32\MMPlugHostCtrl.dll
[2011/01/02 07:41:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\privatedata.dll
[2011/01/02 02:24:43 | 000,000,129 | ---- | C] () -- C:\WINDOWS\BeatBurner VSTi.INI
[2010/12/19 13:47:27 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/11/30 02:39:17 | 000,000,046 | -H-- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2010/11/27 23:27:59 | 010,280,046 | ---- | C] () -- C:\Program Files\JAP.jar
[2010/11/21 04:51:07 | 000,002,140 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2010/11/21 01:20:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/21 01:03:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/21 00:58:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/21 00:57:18 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2010/11/21 00:57:14 | 000,002,389 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2010/11/21 00:52:00 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/21 00:37:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/21 00:33:45 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/14 17:54:24 | 001,743,872 | ---- | C] () -- C:\WINDOWS\System32\libsndfile-1.dll
[2006/01/13 04:05:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/13 04:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 04:01:02 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/13 03:59:43 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/13 03:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/13 03:54:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\VCdControlTool.exe
[2006/01/13 03:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 03:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 03:50:12 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/13 03:44:46 | 000,080,003 | -H-- | C] () -- C:\WINDOWS\System32\GSpot25.dat
[2006/01/13 03:44:08 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/13 03:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/13 03:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 03:39:44 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/13 03:39:43 | 000,067,714 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/13 03:39:41 | 000,432,924 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/13 03:39:41 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/13 03:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 03:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/13 03:35:46 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2006/01/13 03:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/13 03:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2006/01/13 03:30:44 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006/01/13 03:23:56 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/13 03:15:59 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/13 03:15:31 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2006/01/13 03:14:52 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/01/13 03:46:46 | 001,075,200 | -H-- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/01/13 03:38:02 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/01/13 03:23:18 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/01/13 03:57:32 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2011/01/29 20:34:16 | 000,004,964 | ---- | M] () MD5=E00670590E3DF5EEDCB5C4E6A8ECBF39 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2006/01/13 03:57:32 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/01/13 04:01:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please tell me if you have your original Windows XP CD/DVD available.
  • 0

#11
JoeDownes

    Member

  • Topic Starter
  • Member
  • 27 posts
No. Do I need to reinstall XP? Set the laptop on fire? Thanks.

Edited by JoeDownes, 11 June 2011 - 12:30 PM.

  • 0

#12
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
No. We have to replace a system file. You will need a blank CD-R for this.

Please follow the steps below:

Step 1

Please download ARCDC from Artellos.com to your desktop.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Note: Click on the Burn button before inserting a disk.

Once the disk is burned, boot the system from that CD just as you would with a Windows XP disk.
At the Welcome to Setup screen, press R to enter the Recovery Console.
Choose the installation to be repaired by number (usually 1) and press Enter.
When you are asked for the Administrator password, enter the password or leave it blank (default) and press Enter.

At the C:\Windows> prompt, type the following commands pressing Enter after each one. Note: Watch the spaces.

cd system32\drivers
ren volsnap.sys volsnap.old
copy C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
exit


Now take out the CD and reboot your computer to normal mode.

Step 2

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0
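The "< MD5 for: ... >" sections of the log posted above are what a helper reads before prescribing Step 1: the volsnap.sys copy in system32\drivers reports "Unable to obtain MD5" even though it has the same size and timestamp as the ServicePackFiles\i386 reference copy, and Step 1 replaces exactly that file from that reference. The script below is an added example written for this page, not OTL's or Geeks to Go's code. It parses those sections and flags any live copy (anything that is neither the ServicePackFiles reference nor the $NtServicePackUninstall$ backup) that cannot be hashed or whose MD5 differs from the reference. The embedded sample log is constructed: the VOLSNAP.SYS and WINLOGON.EXE entries are copied from the log in this thread, and EXAMPLE.SYS is a made-up section with placeholder hashes so that the mismatch branch is exercised as well.

```python
import re
from collections import defaultdict

# Constructed sample: VOLSNAP.SYS and WINLOGON.EXE are copied from the OTL log
# in this thread; EXAMPLE.SYS is made up (all-1s / all-2s placeholder hashes)
# so the hash-mismatch branch is exercised as well.
SAMPLE_LOG = r"""
< MD5 for: VOLSNAP.SYS >
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2006/01/13 03:57:32 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/01/13 04:01:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: EXAMPLE.SYS >
[2008/04/13 20:41:01 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 20:41:01 | 000,010,240 | ---- | M] () MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\drivers\example.sys
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL file line: [stamp | size | attrs | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)


def parse_md5_sections(log_text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: ... >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        if current is None or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append({
                "path": entry.group("path"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                # None when OTL printed "Unable to obtain MD5"
                "md5": (entry.group("md5") or "").upper() or None,
            })
    return dict(sections)


def _is_reference(path):
    """The ServicePackFiles\\i386 copy is used as the known-good baseline."""
    return "\\servicepackfiles\\i386\\" in path.lower()


def _is_backup(path):
    """$NtServicePackUninstall$ holds the pre-service-pack build: older, not suspect."""
    return "$ntservicepackuninstall$" in path.lower()


def audit(log_text):
    """Flag live copies that cannot be hashed or differ from the reference.

    Returns a list of (file name, path, reason) with reason one of
    "unreadable", "hash-mismatch" or "no-reference".
    """
    findings = []
    for name, entries in parse_md5_sections(log_text).items():
        ref = next((e for e in entries if _is_reference(e["path"])), None)
        for e in entries:
            if _is_reference(e["path"]) or _is_backup(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "unreadable"))
            elif ref is None:
                findings.append((name, e["path"], "no-reference"))
            elif e["md5"] != ref["md5"]:
                findings.append((name, e["path"], "hash-mismatch"))
    return findings


if __name__ == "__main__":
    for name, path, reason in audit(SAMPLE_LOG):
        print(f"{reason:14} {name:14} {path}")
```

Run it as-is to audit the embedded sample, or call `audit()` on the text of a saved OTL.Txt. The "unreadable" finding is the one that matters from a defender's standpoint: OTL runs with administrator rights, so a file that is present and correctly sized yet cannot be opened for hashing deserves a replacement from a known-good copy followed by a fresh scan, which is what Step 1 above does for volsnap.sys.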

#13
JoeDownes

    Member

  • Topic Starter
  • Member
  • 27 posts
All went as expected, no problem. Here's the new log.

OTL logfile created on: 6/11/2011 9:18:23 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 58.10% Memory free
2.98 Gb Paging File | 2.64 Gb Available in Paging File | 88.56% Paging File free
Paging file location(s): D:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.77 Gb Total Space | 0.51 Gb Free Space | 5.27% Space Free | Partition Type: NTFS
Drive D: | 18.11 Gb Total Space | 0.83 Gb Free Space | 4.60% Space Free | Partition Type: NTFS
Drive E: | 7.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AE8A865F7EC440A | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/25 18:09:26 | 000,289,792 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/04 16:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)


========== Driver Services (SafeList) ==========

DRV - [2010/09/22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/18 11:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/04/28 17:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/02/25 19:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/22 16:49:12 | 000,027,232 | ---- | M] (ESI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\romio.sys -- (ROMIO) Service for RoMI/O Driver(WDM)
DRV - [2010/01/13 14:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2008/04/13 20:41:01 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.old -- (VolSnap)
DRV - [2007/09/25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/03/24 13:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/02/28 10:36:50 | 000,662,400 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/11/15 17:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 0C C8 58 C6 1E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 10:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 02:48:47 | 000,000,000 | ---D | M]

[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/17 01:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\MediaCoder
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions
[2011/02/12 11:58:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 17:14:47 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/02/10 16:56:57 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/03/16 21:58:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/17 14:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/16 21:58:14 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\[email protected]
[2011/05/17 10:22:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\staged(2)
[2011/05/17 14:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dvo8q6ze.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/05/19 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 02:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/05/19 14:40:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/30 10:36:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/23 13:34:24 | 002,156,280 | ---- | M] (Myriad Software.) -- C:\Program Files\Mozilla Firefox\plugins\NPMyrMus.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 19:27:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 192.168.123.254
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/11/21 00:55:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 21:11:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/06/11 19:27:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 16:48:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 16:46:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2011/06/11 15:59:27 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 15:46:37 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/11 15:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/06/11 15:44:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/11 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/11 14:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/11 13:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2011/06/06 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\OpenLibraries
[2011/06/06 16:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\jahPlayer
[2011/06/06 14:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2011/06/03 14:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/06/01 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\vundo antimal
[2011/05/31 10:35:25 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/05/30 13:44:46 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/05/30 13:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2011/05/30 13:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojancheck 6
[2011/05/30 12:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/05/30 02:33:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/05/30 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/30 00:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP
[2011/05/22 12:13:51 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/21 23:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\PAP40
[2011/05/21 13:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2011/05/21 12:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2011/05/19 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/19 14:40:34 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/19 14:40:34 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/17 20:45:33 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/05/17 18:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2011/05/17 14:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CreaToon 3.0
[2011/05/17 14:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ANDROME NV
[2011/05/17 14:39:09 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2011/05/17 13:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/05/17 12:58:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/05/14 21:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Octoshape Streaming Services
[2011/05/14 21:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 21:15:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 21:03:40 | 000,002,146 | ---- | M] () -- C:\WINDOWS\tefview.ini
[2011/06/11 20:55:24 | 008,273,920 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\XPRC.iso
[2011/06/11 20:52:01 | 003,219,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ARCDC.exe
[2011/06/11 19:35:15 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/11 19:29:29 | 000,208,896 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/11 19:27:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/11 18:20:28 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2011/06/11 16:47:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:46:49 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/06/11 16:45:06 | 000,511,488 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 16:03:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/11 15:43:44 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/11 15:37:05 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/11 14:45:31 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 03:36:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 16:41:28 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 20:26:07 | 000,076,240 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 16:44:19 | 000,004,192 | ---- | M] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/06/06 18:49:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 10:52:17 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/06/03 13:59:32 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 10:00:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 13:44:46 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/05/30 13:44:38 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:12 | 000,002,490 | ---- | M] () -- D:\^HEINER\cc_20110530_132406.reg
[2011/05/30 02:41:58 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/05/24 12:56:06 | 000,001,022 | ---- | M] () -- D:\^HEINER\cc_20110524_125604.reg
[2011/05/24 12:53:01 | 000,000,608 | ---- | M] () -- D:\^HEINER\cc_20110524_125258.reg
[2011/05/24 12:52:36 | 000,004,178 | ---- | M] () -- D:\^HEINER\cc_20110524_125230.reg
[2011/05/21 23:34:14 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator\timecheck.bin
[2011/05/18 13:11:40 | 000,007,280 | ---- | M] () -- C:\Documents and Settings\Administrator\~temp.jpg
[2011/05/17 13:05:05 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/05/17 13:02:39 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876r
[2011/05/17 13:02:39 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899876
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 20:55:24 | 008,273,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\XPRC.iso
[2011/06/11 20:51:52 | 003,219,648 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ARCDC.exe
[2011/06/11 19:35:49 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/11 18:20:28 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.zip
[2011/06/11 16:47:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/06/11 16:45:11 | 000,511,488 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2011/06/11 14:45:30 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/06/11 13:34:05 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
[2011/06/09 20:26:07 | 000,076,240 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2011/06/07 16:44:18 | 000,004,192 | ---- | C] () -- D:\^HEINER\cc_20110607_164416.reg
[2011/05/31 10:00:10 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 10:00:10 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/30 13:44:38 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/30 13:24:09 | 000,002,490 | ---- | C] () -- D:\^HEINER\cc_20110530_132406.reg

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/01/13 03:46:46 | 001,075,200 | -H-- | M] (Microsoft Corporation) MD5=2DEACA71A7FD77205F59D48D76B2F565 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/01/13 03:38:02 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/01/13 03:23:18 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/01/13 03:57:32 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.OLD >
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] () MD5=7C38F81F40D61D1607DDB62FE5817BB9 -- C:\WINDOWS\system32\drivers\volsnap.old

< MD5 for: VOLSNAP.PNF >
[2011/01/29 20:34:16 | 000,004,964 | ---- | M] () MD5=E00670590E3DF5EEDCB5C4E6A8ECBF39 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 20:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\VOLSNAP.SYS
[2006/01/13 03:57:32 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2006/01/13 04:01:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 10:36:08 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/30 10:36:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 13:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 16:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >
#14
JoeDownes

    Member

  • Topic Starter
  • Member
  • 27 posts
TDSSKiller works all right now that the system file was restored. I scanned the system and TDSSKiller found no infection. Is this it?

Edit: here's the report of TDSSkiller's scan:


2011/06/12 00:18:25.0379 3388 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/12 00:18:25.0610 3388 ================================================================================
2011/06/12 00:18:25.0610 3388 SystemInfo:
2011/06/12 00:18:25.0610 3388
2011/06/12 00:18:25.0610 3388 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/12 00:18:25.0610 3388 Product type: Workstation
2011/06/12 00:18:25.0610 3388 ComputerName: AE8A865F7EC440A
2011/06/12 00:18:25.0620 3388 UserName: Administrator
2011/06/12 00:18:25.0620 3388 Windows directory: C:\WINDOWS
2011/06/12 00:18:25.0620 3388 System windows directory: C:\WINDOWS
2011/06/12 00:18:25.0620 3388 Processor architecture: Intel x86
2011/06/12 00:18:25.0620 3388 Number of processors: 1
2011/06/12 00:18:25.0620 3388 Page size: 0x1000
2011/06/12 00:18:25.0620 3388 Boot type: Normal boot
2011/06/12 00:18:25.0620 3388 ================================================================================
2011/06/12 00:18:27.0603 3388 Initialize success
2011/06/12 00:18:30.0477 3704 ================================================================================
2011/06/12 00:18:30.0477 3704 Scan started
2011/06/12 00:18:30.0477 3704 Mode: Manual;
2011/06/12 00:18:30.0477 3704 ================================================================================
2011/06/12 00:18:57.0065 3704 ================================================================================
2011/06/12 00:18:57.0065 3704 Scan finished
2011/06/12 00:18:57.0065 3704 ================================================================================
2011/06/12 00:18:57.0105 3768 Detected object count: 0
2011/06/12 00:18:57.0105 3768 Actual detected object count: 0

Edited by JoeDownes, 11 June 2011 - 04:21 PM.

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please proceed with this:

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors.
    My Computer.
    Also any other drives (removable) that you may have

  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom, save it to file and name it Kas.
  • Save it somewhere convenient like your desktop and post it in your next reply.

Note: This scan could take a couple of hours.
This tool will self uninstall when you close it so please save the log before closing it.