Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

The Virus That Won't Quit...

Started by Lee07666 , Jun 16 2011 09:23 PM

Please log in to reply

#1
Lee07666

Posted 16 June 2011 - 09:23 PM

Member

Member
34 posts

I thought I had rid my PC of all its problems...I ran every program I could find, including RK Quarantine, IObit Security, QuickCare, SmartDeFrag, and Malwarebytes. BUT:

everytime i reboot, there's a loud BEEP just before I hit the desktop, which i'm pretty sure is indicating a virus

this virus randomly closes my browser whenever it feels like it.

when i try to open a program after it does this, everything freezes.

i can't find it, so i can't get rid of it! please help!!

thank you,
Lee

ps - i see that the google redirect virus just hit me as well! i tried following the removal instructions but when i enter the code into OTM and hit MoveIt! my computer stops and tells me that a problem has been detected and windows has been shut down. then i have to reboot.

OTL logfile created on: 6/16/2011 11:32:00 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop\VIRUS REMOVAL PROGRAMS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.43% Memory free
3.84 Gb Paging File | 3.14 Gb Available in Paging File | 81.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 43.04 Gb Free Space | 28.89% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 10:20:29 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Temp\csrss.exe
PRC - [2011/06/16 10:20:01 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
PRC - [2011/06/16 10:19:37 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\conhost.exe
PRC - [2011/06/12 15:44:28 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\OTL.exe
PRC - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/05/12 09:34:34 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/04/27 14:20:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/03/16 17:29:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/10 14:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2003/03/09 16:30:52 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

========== Modules (SafeList) ==========

MOD - [2011/06/12 15:44:50 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/06/08 23:13:16 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\atnw12.dll
MOD - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\OTL.exe
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/27 14:20:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/16 17:29:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/03 16:52:26 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/04/26 20:05:00 | 002,870,429 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 21:00:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/03/16 17:29:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/23 17:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/12/13 09:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/19 16:01:56 | 000,053,888 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2008/05/19 16:01:50 | 000,027,904 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/26 11:55:12 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1131Vid.sys -- (P1131VID) Creative WebCam NX Pro (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56283

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uncyclopedia....ow_to_be_funny"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {21b88860-5e00-44dd-bdac-fca1f791837e}:0.2.0.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:1.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.31
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56283
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 15:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 15:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 15:45:12 | 000,000,000 | ---D | M]

[2008/08/28 10:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions
[2011/06/16 09:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions
[2009/09/02 13:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 09:59:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/26 14:23:15 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/08/06 20:34:18 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/05/04 14:32:35 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\search.xml
[2011/06/12 15:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/12/02 19:56:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{21B88860-5E00-44DD-BDAC-FCA1F791837E}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\[email protected]
[2011/06/12 15:44:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2008/05/04 14:32:39 | 000,000,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2011/06/08 21:55:21 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\Aliza\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Aliza\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Aliza\Local Settings\Temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1266631313843 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap....pWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Aliza\Application Data\dwm.exe) - C:\Documents and Settings\Aliza\Application Data\dwm.exe ()
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 14:04:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b7a0b51-756b-11dd-8a8d-001d09944c17}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cisvfmon - (C:\WINDOWS\system32\atnw12.dll) - C:\WINDOWS\system32\atnw12.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 03:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/15 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 5
[2011/06/15 19:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/06/13 19:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/06/12 16:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/12 16:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2011/06/12 16:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2011/06/12 16:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/06/12 16:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/12 16:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/12 16:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/06/12 15:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/06/12 15:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/12 15:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/06/12 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Secunia PSI
[2011/06/12 15:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/12 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 10:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/12 00:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\RK_Quarantine
[2011/06/12 00:13:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Aliza\Recent
[2011/06/11 17:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/06/11 00:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/06/11 00:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/06/11 00:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\IObit
[2011/06/11 00:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/06/11 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/11 00:14:21 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Aliza\Desktop\mbam-setup.exe
[2011/06/10 19:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Wuala
[2011/06/10 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\Wuala
[2011/06/10 11:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Google Chrome
[2011/06/09 20:09:28 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/06/08 23:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\bkbxxenlt
[2011/06/08 23:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\Gali Girls
[2011/06/08 21:03:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/08 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\Google Talk
[2011/06/08 19:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Windows XP Restore
[2011/06/05 00:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\CLEAN
[2011/06/04 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\WEDDING BIZ
[2011/05/29 11:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/05/29 11:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/26 23:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/26 23:28:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/26 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/05/26 23:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/26 01:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/26 01:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/05/25 21:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/25 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/25 20:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/21 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/21 21:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 23:29:07 | 000,031,786 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2011/06/16 23:16:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:16:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:11:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2011/06/16 23:09:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/16 23:08:38 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/16 23:08:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/16 23:08:29 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/16 23:08:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/16 23:08:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/06/16 23:08:22 | 000,000,314 | --S- | M] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/16 23:08:22 | 000,000,308 | --S- | M] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/16 23:08:22 | 000,000,306 | --S- | M] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/16 23:08:22 | 000,000,304 | --S- | M] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/16 23:08:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 23:08:10 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 22:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 20:11:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2011/06/16 10:20:01 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
[2011/06/16 03:17:01 | 000,476,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 03:17:01 | 000,085,726 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 03:09:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:44:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 18:51:51 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2011/06/13 23:10:09 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/13 20:59:53 | 000,000,083 | ---- | M] () -- C:\WINDOWS\wwp.INI
[2011/06/13 19:24:12 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/06/13 19:20:00 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/12 16:47:31 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2011/06/12 16:32:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/12 16:01:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/06/12 15:45:47 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/06/12 15:45:07 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/12 15:44:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/12 15:15:33 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/11 23:58:55 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732r
[2011/06/11 23:58:55 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732
[2011/06/11 23:58:50 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\24829732
[2011/06/11 00:15:22 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-B5FH3.exe
[2011/06/11 00:15:22 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-B5FH3.msg
[2011/06/11 00:15:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\is-B5FH3.lst
[2011/06/11 00:14:28 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Aliza\Desktop\mbam-setup.exe
[2011/06/11 00:03:53 | 001,007,120 | ---- | M] () -- C:\Documents and Settings\Aliza\Desktop\iExplore.exe
[2011/06/10 23:18:47 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Aliza\Desktop\tdsskiller.zip
[2011/06/10 08:59:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/09 23:38:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/06/09 20:08:09 | 002,419,100 | ---- | M] () -- C:\MGtools.exe
[2011/06/09 20:00:25 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/06/09 19:04:55 | 000,001,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/09 17:13:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 17:13:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/08 23:46:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 23:34:16 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/08 23:13:16 | 000,062,976 | ---- | M] () -- C:\WINDOWS\System32\atnw12.dll
[2011/06/08 23:13:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\4749859.bat
[2011/06/08 23:02:33 | 000,232,448 | -H-- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 21:55:21 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/08 19:49:30 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:49:29 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:48:55 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/08 13:14:02 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Aliza\g2mdlhlpx.exe
[2011/06/05 22:12:48 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 23:28:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:45 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 10:20:01 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
[2011/06/15 19:06:32 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/06/15 19:06:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2011/06/14 19:46:27 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/13 19:20:00 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/06/13 19:16:42 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/06/13 19:16:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/06/12 16:47:31 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2011/06/12 16:32:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/12 16:01:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/06/12 15:45:07 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/12 15:15:33 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:15:33 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/12 11:32:03 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/11 23:58:55 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24829732r
[2011/06/11 23:58:55 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~24829732
[2011/06/11 23:58:50 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\24829732
[2011/06/11 17:42:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/11 00:30:10 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/11 00:29:15 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/11 00:29:15 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/06/11 00:22:26 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/11 00:22:22 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/11 00:22:18 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/11 00:15:22 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-B5FH3.exe
[2011/06/11 00:15:22 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-B5FH3.msg
[2011/06/11 00:15:22 | 000,000,346 | ---- | C] () -- C:\WINDOWS\is-B5FH3.lst
[2011/06/11 00:03:52 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\iExplore.exe
[2011/06/10 23:24:55 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/10 23:18:34 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\tdsskiller.zip
[2011/06/09 20:08:06 | 002,419,100 | ---- | C] () -- C:\MGtools.exe
[2011/06/09 20:00:25 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/06/09 19:03:15 | 000,001,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/09 11:47:24 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/09 11:47:24 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/08 23:13:16 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\atnw12.dll
[2011/06/08 23:13:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\System32\4749859.bat
[2011/06/08 21:38:47 | 000,002,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Music Rescue.lnk
[2011/06/08 21:38:47 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/08 21:38:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/08 21:38:47 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/06/08 21:38:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/08 21:38:47 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/06/08 21:38:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
[2011/06/08 21:38:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2011/06/08 21:38:47 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/06/08 21:38:47 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/08 21:38:47 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/06/08 21:38:47 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Directory Submitter.lnk
[2011/06/08 21:38:47 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Box Shot 3D.lnk
[2011/06/08 21:38:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/08 21:38:47 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/08 21:38:47 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/06/08 21:38:47 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Worms World Party.lnk
[2011/06/08 21:38:46 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\RealArcade My Games.lnk
[2011/06/08 21:38:46 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/06/08 21:38:46 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2011/06/08 21:38:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/08 21:38:46 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/08 21:38:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/08 21:38:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2011/06/08 21:38:46 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/08 21:38:45 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/08 21:38:45 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/08 21:38:43 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © Uninstall.lnk
[2011/06/08 21:38:43 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER ©.lnk
[2011/06/08 21:38:43 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/08 21:38:43 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/06/08 21:38:43 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
[2011/06/08 21:38:43 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2011/06/08 21:38:41 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/08 21:38:41 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2011/06/08 21:38:41 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
[2011/06/08 21:38:36 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
[2011/06/08 21:38:32 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/08 21:38:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/08 21:38:32 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/06/08 21:38:32 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Flash CS3 Video Encoder.lnk
[2011/06/08 21:38:32 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/06/08 21:38:32 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/06/08 21:38:32 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/06/08 21:38:32 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Flash CS3 Professional.lnk
[2011/06/08 21:38:31 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/06/08 19:49:29 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:49:29 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:48:55 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/08 19:39:25 | 000,000,306 | --S- | C] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/08 19:39:23 | 000,000,314 | --S- | C] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/08 19:39:23 | 000,000,308 | --S- | C] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/08 19:39:23 | 000,000,304 | --S- | C] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/05/26 23:18:45 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/24 10:13:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2011/03/24 15:18:42 | 000,104,552 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/25 19:19:58 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2011/02/25 19:19:58 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2011/01/20 18:45:34 | 000,031,786 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2010/08/10 11:57:55 | 000,335,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 10:28:28 | 000,005,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/04/18 09:44:35 | 001,592,106 | ---- | C] () -- C:\WINDOWS\WANEUninstaller.exe
[2010/04/04 14:17:03 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2010/03/29 23:02:52 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/03/29 23:02:52 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\5lRk1
[2010/02/28 18:54:12 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 10:22:22 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/28 10:12:36 | 000,006,940 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\PrimoPDFSet.xml
[2009/08/28 10:11:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/06/07 22:23:31 | 001,820,358 | ---- | C] () -- C:\WINDOWS\XSitePro2 Resource Pack 1 Uninstaller.exe
[2009/06/07 22:15:21 | 000,831,422 | ---- | C] () -- C:\WINDOWS\XSitePro2 Uninstaller.exe
[2009/06/03 17:18:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/24 16:30:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/04/27 00:13:36 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/07 22:09:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/07 22:09:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/14 11:53:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/22 18:53:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2008/11/06 22:41:12 | 000,000,228 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/17 12:35:32 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/10/09 21:09:12 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/07 17:42:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/15 10:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/14 18:52:33 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/08/06 18:25:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/08/06 16:05:34 | 000,265,833 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/08/06 16:05:34 | 000,090,164 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.plist
[2008/07/09 22:44:52 | 000,000,108 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/07/09 22:44:52 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/07/09 22:44:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/06/11 15:18:45 | 000,232,448 | -H-- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 20:29:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/06/06 17:58:40 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/05/28 22:30:14 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\FASTWiz.html
[2008/05/28 21:51:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\fusioncache.dat
[2008/05/25 14:00:34 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/05/18 18:51:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/14 18:22:49 | 000,001,507 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/30 14:02:45 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/04/28 20:00:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/15 01:34:01 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 01:31:10 | 000,000,859 | -H-- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/15 01:29:41 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/15 01:29:41 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/15 01:09:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/15 01:09:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/04/15 01:08:26 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/09 03:12:32 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/11/07 05:25:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,482,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,476,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,085,726 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 15:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ddcvt.exe
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll

========== LOP Check ==========

[2009/08/30 00:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\215711
[2009/05/22 20:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Affilorama
[2011/06/11 17:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\bkbxxenlt
[2009/02/06 16:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools
[2009/06/03 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools Lite
[2009/02/06 16:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\DAEMON Tools Pro
[2008/10/17 12:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\deskPDF
[2009/08/13 03:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\DNA
[2009/10/08 15:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\eBookPro6
[2008/06/20 01:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Eltima Software
[2010/03/31 20:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Facebook
[2011/05/19 22:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\FileZilla
[2011/02/22 19:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\FreeVideoConverter
[2009/04/26 14:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GarageGames
[2010/07/18 12:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GeoVid
[2008/06/06 17:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GetRightToGo
[2008/05/04 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\GlarySoft
[2009/05/24 16:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\ijjigame
[2010/06/06 21:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\ImgBurn
[2011/06/13 19:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\IObit
[2008/07/23 21:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Linksys
[2010/06/24 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\MOVAVI
[2010/04/27 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\NCH Swift Sound
[2010/07/18 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Publish Providers
[2008/05/25 14:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\QQ Games Plugin
[2011/05/29 12:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Research In Motion
[2011/04/12 22:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Rovio
[2010/01/18 19:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\SmartDraw
[2010/07/18 13:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Sony
[2009/07/11 15:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\StumbleUpon
[2010/05/13 16:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\SystemRequirementsLab
[2010/02/22 16:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\TeamViewer
[2008/06/06 20:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Tunebite
[2011/06/16 23:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\uTorrent
[2008/05/25 14:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Viewpoint
[2010/07/18 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\VisiFly
[2011/06/10 19:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\Wuala
[2008/11/07 01:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2009/08/19 22:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bryxen Software
[2009/02/06 16:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/12 14:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/08/06 18:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap
[2011/05/26 23:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/26 17:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2011/06/11 00:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/07/23 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/05/04 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/15 18:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/06/06 20:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/04/15 01:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/07/18 14:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/06/09 19:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/04/15 01:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/01/21 22:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/13 21:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/14 21:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/06 21:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/06/29 23:21:35 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1269919112.job
[2011/06/16 23:08:22 | 000,000,314 | --S- | M] () -- C:\WINDOWS\Tasks\fuui.job
[2011/06/16 23:08:38 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/16 23:08:22 | 000,000,308 | --S- | M] () -- C:\WINDOWS\Tasks\kozmz.job
[2011/06/16 23:08:22 | 000,000,304 | --S- | M] () -- C:\WINDOWS\Tasks\ksjurhc.job
[2011/06/16 23:08:22 | 000,000,306 | --S- | M] () -- C:\WINDOWS\Tasks\PBBQDQYJFZ.job
[2010/05/07 15:26:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
[2011/06/16 23:09:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
[2011/06/16 23:08:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2011/02/02 19:17:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2010/12/14 16:32:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/06/02 19:13:28 | 000,010,225 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2010/06/02 19:13:28 | 000,010,225 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2007/06/19 22:56:49 | 000,139,776 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/19 22:56:49 | 000,131,072 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc
[2007/06/19 22:56:49 | 000,024,064 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/19 22:54:11 | 000,090,624 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,052,224 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,028,672 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:33:54 | 000,024,064 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/11 20:26:51 | 000,028,672 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:17:29 | 000,090,624 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/11 19:13:24 | 000,052,224 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/11 18:46:22 | 000,139,776 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/11 18:33:36 | 000,131,072 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >

Edited by Lee07666, 16 June 2011 - 09:56 PM.

#2
RKinner

Posted 17 June 2011 - 06:21 AM

Malware Expert

Expert
24,625 posts

Uninstall:

IObit Security
QuickCare
SmartDeFrag
Advanced SystemCare 4
uTorrent/BitTorrent
Yahoo toolbar
Yahoo Updater
DAEMON Tools (all versions)

1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.

Copy the text in the code box by highlighting and Ctrl + c


:Services
NMSAccess
AppMgmt

:OTL
PRC - [2011/06/16 10:20:29 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Temp\csrss.exe
PRC - [2011/06/16 10:20:01 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
PRC - [2011/06/16 10:19:37 | 000,173,568 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\conhost.exe
MOD - [2011/06/08 23:13:16 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\atnw12.dll
SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56283
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56283
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
[2011/06/16 09:59:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{21B88860-5E00-44DD-BDAC-FCA1F791837E}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Aliza\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Aliza\Local Settings\Temp\csrss.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap....pWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Aliza\Application Data\dwm.exe) - C:\Documents and Settings\Aliza\Application Data\dwm.exe ()
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O36 - AppCertDlls: cisvfmon - (C:\WINDOWS\system32\atnw12.dll) - C:\WINDOWS\system32\atnw12.dll ()
[2011/06/08 23:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\bkbxxenlt
[2011/06/16 23:29:07 | 000,031,786 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2011/06/16 23:16:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:16:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:11:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2011/06/16 23:09:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/16 23:08:38 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/16 23:08:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/06/16 23:08:22 | 000,000,314 | --S- | M] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/16 23:08:22 | 000,000,308 | --S- | M] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/16 23:08:22 | 000,000,306 | --S- | M] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/16 23:08:22 | 000,000,304 | --S- | M] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/16 22:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 20:11:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2011/06/16 10:20:01 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
[2011/06/13 19:24:12 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/06/11 23:58:55 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732r
[2011/06/11 23:58:55 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732
[2011/06/11 23:58:50 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\24829732
[2011/06/11 00:15:22 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-B5FH3.exe
[2011/06/11 00:15:22 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-B5FH3.msg
[2011/06/11 00:15:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\is-B5FH3.lst
[2011/06/10 08:59:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/08 23:34:16 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/08 23:13:16 | 000,062,976 | ---- | M] () -- C:\WINDOWS\System32\atnw12.dll
[2011/06/08 23:13:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\4749859.bat
[2011/06/08 19:49:30 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:49:29 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:48:55 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/11 00:03:52 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\iExplore.exe
[2010/06/24 10:28:28 | 000,005,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\5lRk1
[2009/08/30 00:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\215711


:files
C:\Documents and Settings\Aliza\Application Data\Microsoft\conhost.exe
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Ron

#3
Lee07666

Posted 17 June 2011 - 06:53 PM

Member

Topic Starter
Member
34 posts

Thanks Ron. I removed the programs you mentioned, but the same problem occurs when I enter code into OTL and hit the Fix button. My computer stops and tells me that a problem has been detected and windows has been shut down. then i have to reboot.

#4
RKinner

Posted 17 June 2011 - 08:53 PM

Malware Expert

Expert
24,625 posts

Try running it in Safe Mode. (Reboot and when you hear the beep, see the maker's logo or it mentions F8, start slowly tapping the F8 key. Keep tapping until you see the menu. Select Safe Mode. Then login with your usual login. Ignore the warnings.)

#5
Lee07666

Posted 17 June 2011 - 09:30 PM

Member

Topic Starter
Member
34 posts

same thing happened in safe mode. if it means anything, i copied the following under Data Information (on the screen that says windows encountered an error):

STOP: 0X000000F4, (0X00000003, 0X8A26C9E0, 0X8A26CB54, 0X8060577E)

#6
RKinner

Posted 17 June 2011 - 10:02 PM

Malware Expert

Expert
24,625 posts

:OTL
SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56283
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56283
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
[2011/06/16 09:59:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{21B88860-5E00-44DD-BDAC-FCA1F791837E}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Aliza\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\Aliza\Local Settings\Temp\csrss.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap....pWebUpdater.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Aliza\Application Data\dwm.exe) - C:\Documents and Settings\Aliza\Application Data\dwm.exe ()
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O36 - AppCertDlls: cisvfmon - (C:\WINDOWS\system32\atnw12.dll) - C:\WINDOWS\system32\atnw12.dll ()
[2011/06/08 23:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\bkbxxenlt
[2011/06/16 23:29:07 | 000,031,786 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2011/06/16 23:16:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:16:03 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1006.job
[2011/06/16 23:11:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006UA.job
[2011/06/16 23:09:23 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011/06/16 23:08:38 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/16 23:08:29 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/06/16 23:08:22 | 000,000,314 | --S- | M] () -- C:\WINDOWS\tasks\fuui.job
[2011/06/16 23:08:22 | 000,000,308 | --S- | M] () -- C:\WINDOWS\tasks\kozmz.job
[2011/06/16 23:08:22 | 000,000,306 | --S- | M] () -- C:\WINDOWS\tasks\PBBQDQYJFZ.job
[2011/06/16 23:08:22 | 000,000,304 | --S- | M] () -- C:\WINDOWS\tasks\ksjurhc.job
[2011/06/16 22:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/16 20:11:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3534371746-1935322057-1064774181-1006Core.job
[2011/06/16 10:20:01 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\dwm.exe
[2011/06/13 19:24:12 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/06/11 23:58:55 | 000,000,128 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732r
[2011/06/11 23:58:55 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~24829732
[2011/06/11 23:58:50 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\24829732
[2011/06/11 00:15:22 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-B5FH3.exe
[2011/06/11 00:15:22 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-B5FH3.msg
[2011/06/11 00:15:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\is-B5FH3.lst
[2011/06/10 08:59:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/08 23:34:16 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/08 23:13:16 | 000,062,976 | ---- | M] () -- C:\WINDOWS\System32\atnw12.dll
[2011/06/08 23:13:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\System32\4749859.bat
[2011/06/08 19:49:30 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700
[2011/06/08 19:49:29 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17489700r
[2011/06/08 19:48:55 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17489700
[2011/06/11 00:03:52 | 001,007,120 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\iExplore.exe
[2010/06/24 10:28:28 | 000,005,097 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\5lRk1
[2010/03/29 16:05:33 | 000,017,888 | --S- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\5lRk1
[2009/08/30 00:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aliza\Application Data\215711

:files
C:\Documents and Settings\Aliza\Application Data\Microsoft\conhost.exe
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:Commands
[purity]
[Reboot]

Try the above. See if we have better luck.

Ron

#7
Lee07666

Posted 18 June 2011 - 10:30 AM

Member

Topic Starter
Member
34 posts

i am doing these steps one by one, so first OTL:

OTL Extras logfile created on: 6/18/2011 12:23:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop\VIRUS REMOVAL PROGRAMS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.88% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 43.29 Gb Free Space | 29.06% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe" = C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe" = C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo
"C:\Documents and Settings\Aliza\desktop\utorrent.exe" = C:\Documents and Settings\Aliza\desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Team17\Worms World Party\wwp.exe" = C:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6C33AF-8650-4E49-993A-D5701B783012}" = SlimCleaner
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Box Shot 3D" = Box Shot 3D
"CCleaner" = CCleaner
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro User's Guide English" = Creative WebCam NX Pro User's Guide (English)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"Directory Submitter_is1" = Directory Submitter 1.0.29
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3285] [2010-02-25]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Video Converter_is1" = Free Video Converter V 2.91
"Glary Utilities_is1" = Glary Utilities 2.5.1
"Google Desktop" = Google Desktop
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Health Secrets_is1" = Health Secrets
"HitmanPro35" = Hitman Pro 3.5
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Pixillion" = Pixillion Image Converter
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Recover Files_is1" = Recover Files 3.21
"Replay_Converter_1" = Replay Converter 2.8
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"The Best-Seller Secret_is1" = The Best-Seller Secret
"Traffic Travis_is1" = Traffic Travis 3.1.14
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.4.1127
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XSitePro2" = XSitePro2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2011 11:06:18 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 12:39:01 PM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: QuickTime -- Error 1714. The older version of QuickTime cannot
be removed. Contact your technical support group. System Error 1612.

Error - 6/15/2011 5:45:07 PM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Bonjour -- Error 1714. The older version of Bonjour cannot
be removed. Contact your technical support group. System Error 1612.

Error - 6/16/2011 11:05:52 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 9:29:58 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 9:30:00 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 11:26:21 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 28406390

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 28406390

[ OSession Events ]
Error - 4/30/2008 1:08:04 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 620
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/26/2009 10:16:39 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243080
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 1/13/2010 1:18:16 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23666
seconds with 1920 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2011 11:21:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm SCDEmu ssmdrv szkg5 szkgfs

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/17/2011 11:26:59 PM | Computer Name = FAMILY | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a26c9e0, parameter3
8a26cb54, parameter4 8060577e.

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

OTL Extras logfile created on: 6/18/2011 12:23:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop\VIRUS REMOVAL PROGRAMS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.88% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 43.29 Gb Free Space | 29.06% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe" = C:\Program Files\Team17 Software Ltd\Worms 4 Mayhem\Worms4Mayhem.exe:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe" = C:\Documents and Settings\Aliza\desktop\Worms Armageddon\wa.exe:*:Enabled:Worms Armageddon
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.797\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.703\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX04.672\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX02.532\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.453\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX12.891\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE" = C:\Documents and Settings\Aliza\Local Settings\Temp\Rar$EX00.344\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem
"C:\Program Files\Microsoft Games\Halo\halo.exe" = C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo
"C:\Documents and Settings\Aliza\desktop\utorrent.exe" = C:\Documents and Settings\Aliza\desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Team17\Worms World Party\wwp.exe" = C:\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party -- (Team17 Software Ltd)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{12BB7942-1E1F-43D9-B441-4668C1629425}" = hp officejet 6100 series
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.8.0
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}" = muvee Plugin 1.0
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6C33AF-8650-4E49-993A-D5701B783012}" = SlimCleaner
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15B6175-689A-4D97-A42C-7225353F60A7}" = Linksys Updater
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Box Shot 3D" = Box Shot 3D
"CCleaner" = CCleaner
"Creative PC-CAM Center" = Creative PC-CAM Center
"Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326)
"Creative WebCam Monitor" = Creative WebCam Monitor
"Creative WebCam NX Pro User's Guide English" = Creative WebCam NX Pro User's Guide (English)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"Directory Submitter_is1" = Directory Submitter 1.0.29
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3285] [2010-02-25]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Video Converter_is1" = Free Video Converter V 2.91
"Glary Utilities_is1" = Glary Utilities 2.5.1
"Google Desktop" = Google Desktop
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"Health Secrets_is1" = Health Secrets
"HitmanPro35" = Hitman Pro 3.5
"HP OfficeJet 6100 Series" = HP Photo and Imaging 2.0 - hp officejet 6100 series
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoPad" = PhotoPad Image Editor
"PhotoStage" = PhotoStage Slideshow Producer
"Pixillion" = Pixillion Image Converter
"PowerISO" = PowerISO
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealArcade" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Recover Files_is1" = Recover Files 3.21
"Replay_Converter_1" = Replay Converter 2.8
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"The Best-Seller Secret_is1" = The Best-Seller Secret
"Traffic Travis_is1" = Traffic Travis 3.1.14
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 2.4.1127
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XSitePro2" = XSitePro2
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player
"SmartDraw 2010" = SmartDraw 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2011 11:06:18 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6545.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/15/2011 12:39:01 PM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: QuickTime -- Error 1714. The older version of QuickTime cannot
be removed. Contact your technical support group. System Error 1612.

Error - 6/15/2011 5:45:07 PM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Bonjour -- Error 1714. The older version of Bonjour cannot
be removed. Contact your technical support group. System Error 1612.

Error - 6/16/2011 11:05:52 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 9:29:58 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 9:30:00 PM | Computer Name = FAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/17/2011 11:26:21 PM | Computer Name = FAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 28406390

Error - 6/18/2011 10:34:15 AM | Computer Name = FAMILY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 28406390

[ OSession Events ]
Error - 4/30/2008 1:08:04 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 620
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/26/2009 10:16:39 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 243080
seconds with 4380 seconds of active time. This session ended with a crash.

Error - 1/13/2010 1:18:16 AM | Computer Name = D7WHV1G1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23666
seconds with 1920 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2011 11:21:29 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm SCDEmu ssmdrv szkg5 szkgfs

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 6/17/2011 11:26:08 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/17/2011 11:26:59 PM | Computer Name = FAMILY | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a26c9e0, parameter3
8a26cb54, parameter4 8060577e.

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 6/18/2011 12:19:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

< End of report >

#8
Lee07666

Posted 18 June 2011 - 10:51 AM

Member

Topic Starter
Member
34 posts

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6887

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 12:50:59 PM
mbam-log-2011-06-18 (12-50-59).txt

Scan type: Quick scan
Objects scanned: 200750
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Aliza\local settings\Temp\24350343.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

#9
RKinner

Posted 18 June 2011 - 12:10 PM

Malware Expert

Expert
24,625 posts

You posted two Extra logs. Can I see the OTL log? Or just run it again and hit QuickScan

Ron

#10
Lee07666

Posted 18 June 2011 - 12:22 PM

Member

Topic Starter
Member
34 posts

sorry! here's the OTL text

OTL logfile created on: 6/18/2011 12:23:38 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Aliza\Desktop\VIRUS REMOVAL PROGRAMS
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.88% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 43.29 Gb Free Space | 29.06% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Aliza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 15:44:28 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\OTL.exe
PRC - [2011/04/27 14:20:43 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/03/16 17:29:26 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2003/04/06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/06 00:37:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2003/03/09 16:30:52 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

========== Modules (SafeList) ==========

MOD - [2011/06/12 15:44:50 | 000,043,520 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll
MOD - [2011/06/08 20:52:53 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aliza\desktop\VIRUS REMOVAL PROGRAMS\OTL.exe
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:20:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/16 17:29:26 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/14 13:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/03 16:52:26 | 000,120,168 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2009/04/26 20:05:00 | 002,870,429 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/09 21:00:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/15 10:28:20 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/10/11 10:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011/03/16 17:29:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 09:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/19 16:01:56 | 000,053,888 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2008/05/19 16:01:50 | 000,027,904 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/08/23 19:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/13 21:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 14:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 11:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/03/26 11:55:12 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P1131Vid.sys -- (P1131VID) Creative WebCam NX Pro (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080415

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...?channel=us-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uncyclopedia....ow_to_be_funny"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {21b88860-5e00-44dd-bdac-fca1f791837e}:0.2.0.7
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:1.6.1
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.31
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/12 15:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/12 15:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/12 15:45:12 | 000,000,000 | ---D | M]

[2008/08/28 10:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Extensions
[2011/06/16 09:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions
[2009/09/02 13:26:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/26 14:23:15 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/08/06 20:34:18 | 000,000,000 | ---D | M] (RealArcade V3 Plugin) -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\extensions\[email protected]
[2008/05/04 14:32:35 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\searchplugins\search.xml
[2011/06/12 15:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/12/02 19:56:47 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{21B88860-5E00-44DD-BDAC-FCA1F791837E}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ALIZA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RGSVN09W.DEFAULT\EXTENSIONS\[email protected]
[2011/06/12 15:44:51 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2008/05/04 14:32:39 | 000,000,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2011/06/08 21:55:21 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [conhost] File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1266631313843 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/12 14:04:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b7a0b51-756b-11dd-8a8d-001d09944c17}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/18 12:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 2
[2011/06/18 12:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/06/16 23:41:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/16 03:04:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/06/15 19:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 5
[2011/06/15 19:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Security 360
[2011/06/15 15:06:13 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 16:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\SlimWare Utilities Inc
[2011/06/12 16:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner
[2011/06/12 16:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2011/06/12 16:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/06/12 16:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/12 16:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/12 16:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/06/12 15:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/06/12 15:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/06/12 15:44:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/12 15:44:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/12 15:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/06/12 15:36:31 | 000,049,248 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/12 15:35:49 | 000,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2011/06/12 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Secunia PSI
[2011/06/12 15:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/06/12 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 10:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/12 00:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\RK_Quarantine
[2011/06/12 00:13:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Aliza\Recent
[2011/06/11 17:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\STOPzilla
[2011/06/11 00:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/06/11 00:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\IObit
[2011/06/11 00:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/11 00:14:21 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Aliza\Desktop\mbam-setup.exe
[2011/06/10 19:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Local Settings\Application Data\Wuala
[2011/06/10 19:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\Wuala
[2011/06/10 11:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Google Chrome
[2011/06/09 20:09:28 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/06/09 17:12:40 | 012,521,992 | ---- | C] (Mozilla) -- C:\Documents and Settings\Aliza\Desktop\Firefox Setup 4.0.1.exe
[2011/06/08 23:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\Gali Girls
[2011/06/08 21:03:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/08 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Application Data\Google Talk
[2011/06/08 19:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Start Menu\Programs\Windows XP Restore
[2011/06/05 00:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\CLEAN
[2011/06/04 13:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aliza\Desktop\WEDDING BIZ
[2011/05/29 11:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011/05/29 11:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/05/26 23:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/26 23:28:30 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/26 23:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/05/26 23:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/26 01:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/26 01:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/05/25 21:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/05/25 20:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/25 20:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/21 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/21 21:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/21 21:54:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/18 12:20:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/18 12:19:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/18 12:19:23 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
[2011/06/18 12:19:23 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/18 12:19:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/18 12:19:07 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 12:17:51 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2011/06/17 21:13:38 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml
[2011/06/16 23:38:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/06/16 03:17:01 | 000,476,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 03:17:01 | 000,085,726 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 03:09:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 10:44:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/13 20:59:53 | 000,000,083 | ---- | M] () -- C:\WINDOWS\wwp.INI
[2011/06/12 16:47:31 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2011/06/12 16:32:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/12 16:01:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/06/12 15:45:07 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/12 15:44:43 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/06/12 15:44:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/06/12 15:44:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/06/12 15:44:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/06/12 15:40:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/12 15:15:33 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/11 00:14:28 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Aliza\Desktop\mbam-setup.exe
[2011/06/10 23:18:47 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Aliza\Desktop\tdsskiller.zip
[2011/06/09 20:08:09 | 002,419,100 | ---- | M] () -- C:\MGtools.exe
[2011/06/09 20:00:25 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/06/09 19:04:55 | 000,001,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/09 17:13:51 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 17:13:51 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/09 17:13:02 | 012,521,992 | ---- | M] (Mozilla) -- C:\Documents and Settings\Aliza\Desktop\Firefox Setup 4.0.1.exe
[2011/06/08 23:46:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 23:34:16 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/08 23:02:33 | 000,232,448 | -H-- | M] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 21:55:21 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/08 13:14:02 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Aliza\g2mdlhlpx.exe
[2011/06/05 22:12:48 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/26 23:28:30 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/26 23:18:45 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[25 C:\Documents and Settings\Aliza\My Documents\*.tmp files -> C:\Documents and Settings\Aliza\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\Aliza\Desktop\*.tmp files -> C:\Documents and Settings\Aliza\Desktop\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/18 12:17:51 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\EAFE.1FF
[2011/06/18 12:16:48 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/06/18 12:16:47 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/06/18 12:16:46 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/17 23:24:54 | 2136,129,536 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/15 19:06:32 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2011/06/15 19:06:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2011/06/12 16:47:31 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
[2011/06/12 16:32:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/12 16:01:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/06/12 15:45:07 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/06/12 15:15:33 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/12 15:15:33 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/06/11 17:42:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/11 00:30:10 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/06/11 00:22:26 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/11 00:22:22 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/11 00:22:18 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/10 23:18:34 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Aliza\Desktop\tdsskiller.zip
[2011/06/09 20:08:06 | 002,419,100 | ---- | C] () -- C:\MGtools.exe
[2011/06/09 20:00:25 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/06/09 19:03:15 | 000,001,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/06/09 11:47:24 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/09 11:47:24 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/08 21:38:47 | 000,002,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Music Rescue.lnk
[2011/06/08 21:38:47 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/08 21:38:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/08 21:38:47 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
[2011/06/08 21:38:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/08 21:38:47 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/06/08 21:38:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
[2011/06/08 21:38:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2011/06/08 21:38:47 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2011/06/08 21:38:47 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/08 21:38:47 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/06/08 21:38:47 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Directory Submitter.lnk
[2011/06/08 21:38:47 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Box Shot 3D.lnk
[2011/06/08 21:38:47 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/06/08 21:38:47 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Worms World Party.lnk
[2011/06/08 21:38:46 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\RealArcade My Games.lnk
[2011/06/08 21:38:46 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/06/08 21:38:46 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2011/06/08 21:38:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/08 21:38:46 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/08 21:38:46 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/08 21:38:46 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2011/06/08 21:38:46 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/08 21:38:45 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/08 21:38:45 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/08 21:38:43 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © Uninstall.lnk
[2011/06/08 21:38:43 | 000,001,671 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER ©.lnk
[2011/06/08 21:38:43 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/06/08 21:38:43 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/06/08 21:38:43 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
[2011/06/08 21:38:43 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2011/06/08 21:38:41 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/08 21:38:41 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2011/06/08 21:38:41 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoStage Slideshow Producer.lnk
[2011/06/08 21:38:36 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk
[2011/06/08 21:38:32 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/08 21:38:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/08 21:38:32 | 000,001,100 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/06/08 21:38:32 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Flash CS3 Video Encoder.lnk
[2011/06/08 21:38:32 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/06/08 21:38:32 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/06/08 21:38:32 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/06/08 21:38:32 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Flash CS3 Professional.lnk
[2011/06/08 21:38:31 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2011/05/26 23:18:45 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/24 10:13:14 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2011/03/24 15:18:42 | 000,104,552 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/25 19:19:58 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2011/02/25 19:19:58 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2010/08/10 11:57:55 | 000,335,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/18 09:44:35 | 001,592,106 | ---- | C] () -- C:\WINDOWS\WANEUninstaller.exe
[2010/04/04 14:17:03 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2010/03/29 23:02:52 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2010/03/29 23:02:52 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2010/02/28 18:54:12 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/28 10:22:22 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/28 10:12:36 | 000,006,940 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\PrimoPDFSet.xml
[2009/08/28 10:11:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2009/06/07 22:23:31 | 001,820,358 | ---- | C] () -- C:\WINDOWS\XSitePro2 Resource Pack 1 Uninstaller.exe
[2009/06/07 22:15:21 | 000,831,422 | ---- | C] () -- C:\WINDOWS\XSitePro2 Uninstaller.exe
[2009/06/03 17:18:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/24 16:30:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/04/27 00:13:36 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/07 22:09:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/07 22:09:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/14 11:53:20 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/22 18:53:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll
[2008/11/06 22:41:12 | 000,000,228 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/17 12:35:32 | 000,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2008/10/09 21:09:12 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/07 17:42:31 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/15 10:05:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/14 18:52:33 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/08/06 18:25:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/08/06 16:05:34 | 000,265,833 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.Profiles.plist
[2008/08/06 16:05:34 | 000,090,164 | ---- | C] () -- C:\Documents and Settings\Aliza\Application Data\com.kennettnet.MusicRescue4.plist
[2008/07/09 22:44:52 | 000,000,108 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/07/09 22:44:52 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/07/09 22:44:52 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/06/11 15:18:45 | 000,232,448 | -H-- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/06 20:29:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2008/06/06 17:58:40 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/05/28 22:30:14 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\FASTWiz.html
[2008/05/28 21:51:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Aliza\Local Settings\Application Data\fusioncache.dat
[2008/05/25 14:00:34 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2008/05/18 18:51:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/05/14 18:22:49 | 000,001,507 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/30 14:02:45 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/04/28 20:00:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/15 01:34:01 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/15 01:31:10 | 000,000,859 | -H-- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/04/15 01:29:41 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/15 01:29:41 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/15 01:09:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/04/15 01:09:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/04/15 01:08:26 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/10/18 17:36:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2007/08/06 11:07:30 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/09 03:12:32 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/11/07 05:25:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 14:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,482,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,476,836 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,085,726 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 15:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ddcvt.exe
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll

========== Files - Unicode (All) ==========
[2010/06/02 19:13:28 | 000,010,225 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2010/06/02 19:13:28 | 000,010,225 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???.kolachai.hebrewname.docx) -- C:\Documents and Settings\Aliza\My Documents\קול.kolachai.hebrewname.docx
[2007/06/19 22:56:49 | 000,139,776 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/19 22:56:49 | 000,131,072 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc
[2007/06/19 22:56:49 | 000,024,064 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/19 22:54:11 | 000,090,624 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,052,224 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/19 22:54:11 | 000,028,672 | -H-- | C] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:33:54 | 000,024,064 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\???? 1.doc) -- C:\Documents and Settings\Aliza\My Documents\עמוד 1.doc
[2007/06/11 20:26:51 | 000,028,672 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\5??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\5מתי היגיע1.doc
[2007/06/11 20:17:29 | 000,090,624 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\4??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\4מתי היגיע1.doc
[2007/06/11 19:13:24 | 000,052,224 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\3??? ?????1.doc) -- C:\Documents and Settings\Aliza\My Documents\3מתי היגיע1.doc
[2007/06/11 18:46:22 | 000,139,776 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ?????2.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיע2.doc
[2007/06/11 18:33:36 | 000,131,072 | -H-- | M] ()(C:\Documents and Settings\Aliza\My Documents\??? ??????.doc) -- C:\Documents and Settings\Aliza\My Documents\מתי היגיעו.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >

#11
Lee07666

Posted 18 June 2011 - 12:23 PM

Member

Topic Starter
Member
34 posts

here's the combo fix log:

ComboFix 11-06-17.04 - Aliza 06/18/2011 14:05:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1417 [GMT -4:00]
Running from: c:\documents and settings\Aliza\Desktop\VIRUS REMOVAL PROGRAMS\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cleanup.exe
c:\documents and settings\Aliza\Application Data\Sun\mnj.dat
c:\documents and settings\Aliza\Application Data\Sun\mxd1.txt
c:\documents and settings\Aliza\Application Data\Sun\ppkk.dat
c:\documents and settings\Aliza\Application Data\Sun\uuoo.dat
c:\documents and settings\Aliza\g2mdlhlpx.exe
c:\documents and settings\Aliza\GoToAssistDownloadHelper.exe
c:\documents and settings\Aliza\System
c:\documents and settings\Aliza\System\win_qs8.jqx
c:\documents and settings\Aliza\WINDOWS
c:\documents and settings\All Users\Desktop\Malware Protection.lnk
c:\documents and settings\All Users\VCREDI~3.EXE
c:\program files\alexa toolbar
c:\program files\alexa toolbar\AlxTB2.9.39.dll
c:\program files\alexa toolbar\Uninstall9.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{aa6c33af-8650-4e49-993a-d5701b783012}\setup.msi
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\bszip.dll
c:\windows\system32\favicon.ico
c:\windows\system32\Ijl11.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 16:38 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-18 16:38 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 03:41 . 2011-06-17 03:41 -------- d-----w- C:\_OTM
2011-06-16 07:04 . 2011-06-16 07:34 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-15 19:06 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-12 20:47 . 2011-06-12 20:47 -------- d-----w- c:\documents and settings\Aliza\Local Settings\Application Data\SlimWare Utilities Inc
2011-06-12 20:47 . 2011-06-12 20:48 -------- d-----w- c:\program files\SlimCleaner
2011-06-12 20:19 . 2011-06-12 20:19 -------- d-----w- c:\program files\Apple Software Update
2011-06-12 19:45 . 2011-06-12 19:45 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-06-12 19:44 . 2011-06-12 19:44 -------- d-----w- c:\program files\Common Files\xing shared
2011-06-12 19:44 . 2011-06-12 19:44 150712 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-06-12 19:44 . 2011-06-12 19:44 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-06-12 19:35 . 2005-11-10 18:03 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2011-06-12 19:24 . 2011-06-12 19:24 -------- d-----w- c:\documents and settings\Aliza\Local Settings\Application Data\Secunia PSI
2011-06-12 19:15 . 2011-06-12 19:15 -------- d-----w- c:\program files\Secunia
2011-06-12 14:53 . 2011-06-12 14:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2011-06-11 04:30 . 2011-06-11 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-06-11 04:29 . 2011-06-13 23:19 -------- d-----w- c:\documents and settings\Aliza\Application Data\IObit
2011-06-11 04:29 . 2011-06-13 23:19 -------- d-----w- c:\program files\IObit
2011-06-11 03:54 . 2011-06-11 03:54 711728 ----a-w- c:\windows\isRS-000.tmp
2011-06-10 23:30 . 2011-06-10 23:30 -------- d-----w- c:\documents and settings\Aliza\Local Settings\Application Data\Wuala
2011-06-10 23:30 . 2011-06-10 23:30 -------- d-----w- c:\documents and settings\Aliza\Application Data\Wuala
2011-06-10 00:09 . 2011-06-10 00:09 -------- d-----w- C:\MGtools
2011-06-09 21:13 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-09 21:13 . 2011-04-14 16:25 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-09 21:13 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-09 21:13 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-09 21:13 . 2011-04-14 16:25 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-09 21:13 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-09 21:13 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-09 21:13 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-09 21:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-09 21:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-06-09 01:03 . 2011-06-09 01:03 -------- d-----w- C:\_OTL
2011-06-09 00:14 . 2011-06-11 21:24 -------- d-----w- c:\documents and settings\Aliza\Application Data\Google Talk
2011-05-29 15:55 . 2011-05-29 15:55 -------- d-----w- c:\program files\Common Files\iS3
2011-05-29 15:55 . 2011-06-09 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-05-27 03:28 . 2011-05-27 03:28 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-05-27 03:18 . 2011-05-27 03:18 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 03:18 . 2011-05-27 03:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 03:17 . 2011-05-27 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-26 05:13 . 2011-05-26 05:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-05-26 05:13 . 2011-05-26 05:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-05-22 01:56 . 2011-05-22 01:56 -------- d-----w- c:\program files\Common Files\Skype
2011-05-22 01:54 . 2011-06-12 19:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-10 17:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-10 17:51 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 16:26 . 2011-06-09 21:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-12 273544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-13 00:01 318272 ----a-w- c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-14 00:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-01-18 01:41 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-15 05:30 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-09 20:30 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 21:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-15 05:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BuildBU"=c:\dell\bldbubg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Aliza\\desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/11/2010 11:42 AM 136360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/25/2008 2:00 PM 24652]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 7:28 PM 135664]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [1/15/2008 10:28 AM 204800]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [6/30/2008 6:53 PM 53888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/18/2011 12:38 PM 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Aliza\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Aliza\Application Data\NVIDIA\HWAccess.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [6/30/2008 6:53 PM 27904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
2008-02-25 15:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2010-06-30 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8269919112.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 23:28]
.
2010-05-07 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-04-27 19:25]
.
2011-06-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3534371746-1935322057-1064774181-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-02-02 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-04-27 19:25]
.
2010-12-14 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-04-27 19:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{81749764-0BDE-48AC-86FD-B10569284C3E}: NameServer = 192.168.1.1,4.2.2.2
FF - ProfilePath - c:\documents and settings\Aliza\Application Data\Mozilla\Firefox\Profiles\rgsvn09w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://uncyclopedia.wikia.com/wiki/How_to_be_funny
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-84242869.sys
MSConfigStartUp-3DBoxShot - c:\progra~1\3DBOXS~1\3DBoxShot.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-PSPVideo9 - c:\program files\pspvideo9\pspVideo9.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKLM_ActiveSetup-{8E3184CF-172F-4493-BA30-298AEEF1DE49} - o only be available on a friday night
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 14:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,85,ea,10,cd,45,6a,47,81,b5,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,96,85,ea,10,cd,45,6a,47,81,b5,6e,\
.
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2011-06-18 14:21:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-18 18:21
.
Pre-Run: 46,552,875,008 bytes free
Post-Run: 48,654,327,808 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=""
.
- - End Of File - - 2E0DAC460EA698E98E10A1A97B90BF43

#12
Lee07666

Posted 18 June 2011 - 12:26 PM

Member

Topic Starter
Member
34 posts

i ran tdsskiller but it found no infections. i clicked on report just in case you need it!

2011/06/18 14:25:36.0203 0524 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/18 14:25:36.0640 0524 ================================================================================
2011/06/18 14:25:36.0640 0524 SystemInfo:
2011/06/18 14:25:36.0640 0524
2011/06/18 14:25:36.0640 0524 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/18 14:25:36.0640 0524 Product type: Workstation
2011/06/18 14:25:36.0640 0524 ComputerName: FAMILY
2011/06/18 14:25:36.0640 0524 UserName: Aliza
2011/06/18 14:25:36.0640 0524 Windows directory: C:\WINDOWS
2011/06/18 14:25:36.0640 0524 System windows directory: C:\WINDOWS
2011/06/18 14:25:36.0640 0524 Processor architecture: Intel x86
2011/06/18 14:25:36.0640 0524 Number of processors: 2
2011/06/18 14:25:36.0640 0524 Page size: 0x1000
2011/06/18 14:25:36.0640 0524 Boot type: Normal boot
2011/06/18 14:25:36.0640 0524 ================================================================================
2011/06/18 14:25:37.0671 0524 Initialize success
2011/06/18 14:25:40.0546 0236 ================================================================================
2011/06/18 14:25:40.0546 0236 Scan started
2011/06/18 14:25:40.0546 0236 Mode: Manual;
2011/06/18 14:25:40.0546 0236 ================================================================================
2011/06/18 14:25:41.0734 0236 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/18 14:25:41.0781 0236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/18 14:25:41.0828 0236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/18 14:25:41.0890 0236 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/18 14:25:41.0953 0236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/18 14:25:41.0984 0236 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/18 14:25:42.0031 0236 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/18 14:25:42.0093 0236 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/18 14:25:42.0109 0236 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/18 14:25:42.0171 0236 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/18 14:25:42.0203 0236 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/18 14:25:42.0234 0236 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/18 14:25:42.0281 0236 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/18 14:25:42.0359 0236 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/18 14:25:42.0421 0236 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/18 14:25:42.0453 0236 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/18 14:25:42.0796 0236 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/18 14:25:42.0906 0236 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/18 14:25:43.0031 0236 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/18 14:25:43.0109 0236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/18 14:25:43.0156 0236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/18 14:25:43.0265 0236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/18 14:25:43.0328 0236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/18 14:25:43.0421 0236 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/06/18 14:25:43.0578 0236 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/18 14:25:43.0625 0236 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/18 14:25:43.0671 0236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/18 14:25:43.0765 0236 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/18 14:25:43.0796 0236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/18 14:25:43.0843 0236 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/18 14:25:43.0890 0236 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/18 14:25:43.0921 0236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/18 14:25:43.0968 0236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/18 14:25:44.0000 0236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/18 14:25:44.0109 0236 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/18 14:25:44.0156 0236 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/18 14:25:44.0312 0236 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/18 14:25:44.0375 0236 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/18 14:25:44.0437 0236 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys
2011/06/18 14:25:44.0515 0236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/18 14:25:44.0578 0236 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/06/18 14:25:44.0609 0236 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/18 14:25:44.0625 0236 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/18 14:25:44.0656 0236 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/06/18 14:25:44.0687 0236 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/18 14:25:44.0734 0236 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/18 14:25:44.0750 0236 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/18 14:25:44.0781 0236 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/06/18 14:25:44.0812 0236 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/18 14:25:44.0828 0236 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/18 14:25:44.0906 0236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/18 14:25:45.0000 0236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/18 14:25:45.0046 0236 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/18 14:25:45.0125 0236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/18 14:25:45.0203 0236 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/18 14:25:45.0234 0236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/18 14:25:45.0296 0236 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/18 14:25:45.0312 0236 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/18 14:25:45.0375 0236 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/18 14:25:45.0421 0236 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/06/18 14:25:45.0562 0236 evserial (ea2bee20e81c36c36fe2c29fda145552) C:\WINDOWS\system32\DRIVERS\evserial.sys
2011/06/18 14:25:45.0640 0236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/18 14:25:45.0703 0236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/18 14:25:45.0750 0236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/18 14:25:45.0812 0236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/18 14:25:45.0875 0236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/18 14:25:45.0937 0236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/18 14:25:46.0000 0236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/18 14:25:46.0078 0236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/06/18 14:25:46.0125 0236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/18 14:25:46.0187 0236 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/18 14:25:46.0234 0236 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/18 14:25:46.0343 0236 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/18 14:25:46.0421 0236 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/18 14:25:46.0468 0236 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/18 14:25:46.0562 0236 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/18 14:25:46.0640 0236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/18 14:25:46.0687 0236 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/18 14:25:46.0718 0236 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/18 14:25:46.0765 0236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/18 14:25:47.0000 0236 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/18 14:25:47.0281 0236 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/18 14:25:47.0375 0236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/18 14:25:47.0453 0236 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/18 14:25:47.0656 0236 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/18 14:25:47.0781 0236 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/18 14:25:47.0843 0236 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/18 14:25:47.0875 0236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/18 14:25:47.0937 0236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/18 14:25:47.0968 0236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/18 14:25:48.0000 0236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/18 14:25:48.0062 0236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/18 14:25:48.0093 0236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/18 14:25:48.0203 0236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/18 14:25:48.0218 0236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/18 14:25:48.0250 0236 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/18 14:25:48.0281 0236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/18 14:25:48.0328 0236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/18 14:25:48.0437 0236 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/06/18 14:25:48.0484 0236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/18 14:25:48.0546 0236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/18 14:25:48.0593 0236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/18 14:25:48.0640 0236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/18 14:25:48.0703 0236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/18 14:25:48.0750 0236 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/18 14:25:48.0796 0236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/18 14:25:48.0875 0236 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/18 14:25:49.0015 0236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/18 14:25:49.0062 0236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/18 14:25:49.0109 0236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/18 14:25:49.0171 0236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/18 14:25:49.0234 0236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/18 14:25:49.0265 0236 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/18 14:25:49.0312 0236 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/18 14:25:49.0375 0236 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/18 14:25:49.0687 0236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/18 14:25:49.0781 0236 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/18 14:25:49.0828 0236 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/18 14:25:49.0859 0236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/18 14:25:49.0890 0236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/18 14:25:49.0921 0236 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/18 14:25:49.0984 0236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/18 14:25:50.0015 0236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/18 14:25:50.0109 0236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/18 14:25:50.0156 0236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/18 14:25:50.0218 0236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/18 14:25:50.0312 0236 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/18 14:25:50.0625 0236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/18 14:25:50.0671 0236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/18 14:25:50.0765 0236 P1131VID (ef3b8896ad48325c60d3a63513cd0c4d) C:\WINDOWS\system32\DRIVERS\P1131Vid.sys
2011/06/18 14:25:50.0828 0236 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys
2011/06/18 14:25:50.0875 0236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/18 14:25:50.0906 0236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/18 14:25:50.0937 0236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/18 14:25:50.0968 0236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/18 14:25:51.0046 0236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/18 14:25:51.0078 0236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/18 14:25:51.0203 0236 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/18 14:25:51.0234 0236 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/18 14:25:51.0359 0236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/18 14:25:51.0390 0236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/18 14:25:51.0437 0236 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/06/18 14:25:51.0500 0236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/18 14:25:51.0687 0236 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
2011/06/18 14:25:51.0828 0236 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/18 14:25:51.0921 0236 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/18 14:25:51.0953 0236 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/18 14:25:51.0968 0236 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/18 14:25:52.0000 0236 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/18 14:25:52.0031 0236 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/18 14:25:52.0093 0236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/18 14:25:52.0156 0236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/18 14:25:52.0171 0236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/18 14:25:52.0187 0236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/18 14:25:52.0218 0236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/18 14:25:52.0296 0236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/18 14:25:52.0359 0236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/18 14:25:52.0406 0236 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/18 14:25:52.0468 0236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/18 14:25:52.0546 0236 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/06/18 14:25:52.0578 0236 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/18 14:25:52.0656 0236 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/06/18 14:25:52.0812 0236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/18 14:25:52.0890 0236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/18 14:25:52.0937 0236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/18 14:25:53.0000 0236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/18 14:25:53.0093 0236 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/18 14:25:53.0156 0236 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/18 14:25:53.0234 0236 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/18 14:25:53.0296 0236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/18 14:25:53.0343 0236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/18 14:25:53.0390 0236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/18 14:25:53.0484 0236 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/18 14:25:53.0531 0236 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/18 14:25:53.0593 0236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/18 14:25:53.0625 0236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/18 14:25:53.0703 0236 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/18 14:25:53.0750 0236 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/18 14:25:53.0796 0236 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/18 14:25:53.0843 0236 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/18 14:25:53.0921 0236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/18 14:25:54.0046 0236 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\WINDOWS\system32\drivers\tbhsd.sys
2011/06/18 14:25:54.0109 0236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/18 14:25:54.0156 0236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/18 14:25:54.0203 0236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/18 14:25:54.0265 0236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/18 14:25:54.0359 0236 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/18 14:25:54.0406 0236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/18 14:25:54.0484 0236 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/18 14:25:54.0546 0236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/18 14:25:54.0640 0236 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/18 14:25:54.0734 0236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/18 14:25:54.0812 0236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/18 14:25:54.0859 0236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/18 14:25:54.0921 0236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/18 14:25:54.0953 0236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/18 14:25:54.0984 0236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/18 14:25:55.0000 0236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/18 14:25:55.0031 0236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/18 14:25:55.0078 0236 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/18 14:25:55.0156 0236 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/18 14:25:55.0187 0236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/18 14:25:55.0218 0236 VSBC (ed93e2b7fd5aeb89c924f175824a4d6d) C:\WINDOWS\system32\DRIVERS\evsbc.sys
2011/06/18 14:25:55.0296 0236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/18 14:25:55.0390 0236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/18 14:25:55.0500 0236 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/18 14:25:55.0593 0236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/18 14:25:55.0625 0236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/18 14:25:55.0687 0236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/18 14:25:55.0812 0236 ================================================================================
2011/06/18 14:25:55.0812 0236 Scan finished
2011/06/18 14:25:55.0812 0236 ================================================================================
2011/06/18 14:25:55.0828 2080 Detected object count: 0
2011/06/18 14:25:55.0828 2080 Actual detected object count: 0

#13
Lee07666

Posted 18 June 2011 - 12:29 PM

Member

Topic Starter
Member
34 posts

aswMBR - the fix it button is enabled (one of the lines of code is highlighted in red) and here is the text. i have left the code box open in case you want me to "fix it"

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-18 14:27:27
-----------------------------
14:27:27.531 OS Version: Windows 5.1.2600 Service Pack 3
14:27:27.531 Number of processors: 2 586 0xF0D
14:27:27.531 ComputerName: FAMILY UserName: Aliza
14:27:28.562 Initialize success
14:27:36.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:27:36.562 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
14:27:38.593 Disk 0 MBR read successfully
14:27:38.593 Disk 0 MBR scan
14:27:38.593 Disk 0 Windows XP default MBR code
14:27:40.609 Disk 0 scanning sectors +312496380
14:27:40.625 Disk 0 scanning C:\WINDOWS\system32\drivers
14:27:49.390 Service scanning
14:27:50.843 Disk 0 trace - called modules:
14:27:50.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x895b63c0]<<
14:27:50.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b3ab8]
14:27:50.875 Scan finished successfully
14:28:26.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\MBR.dat"
14:28:26.109 The log file has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\aswMBR.txt"

#14
RKinner

Posted 18 June 2011 - 12:44 PM

Malware Expert

Expert
24,625 posts

Run aswMBR again and press the FIX button (Not the FixMBR button) then post the log you get.

One more pass with OTL to clean up a bit of deadwood:
Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O4 - HKLM..\Run: [conhost] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found

:Commands
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Run OTL again. Quickscan and post the log.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see: J2SE Runtime Environment 5.0 Update 6
Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Follow Jim's procedure here:

http://aumha.net/vie...581099691bf108f

to clean up System Restore

Now let's look for other problems:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log or Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#15
Lee07666

Posted 18 June 2011 - 03:29 PM

Member

Topic Starter
Member
34 posts

ok, first things first: ran asw again, no fix button enabled, here is the log:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-18 14:27:27
-----------------------------
14:27:27.531 OS Version: Windows 5.1.2600 Service Pack 3
14:27:27.531 Number of processors: 2 586 0xF0D
14:27:27.531 ComputerName: FAMILY UserName: Aliza
14:27:28.562 Initialize success
14:27:36.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:27:36.562 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
14:27:38.593 Disk 0 MBR read successfully
14:27:38.593 Disk 0 MBR scan
14:27:38.593 Disk 0 Windows XP default MBR code
14:27:40.609 Disk 0 scanning sectors +312496380
14:27:40.625 Disk 0 scanning C:\WINDOWS\system32\drivers
14:27:49.390 Service scanning
14:27:50.843 Disk 0 trace - called modules:
14:27:50.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x895b63c0]<<
14:27:50.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b3ab8]
14:27:50.875 Scan finished successfully
14:28:26.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\MBR.dat"
14:28:26.109 The log file has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\aswMBR.txt"

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-18 17:20:21
-----------------------------
17:20:21.609 OS Version: Windows 5.1.2600 Service Pack 3
17:20:21.609 Number of processors: 2 586 0xF0D
17:20:21.609 ComputerName: FAMILY UserName: Aliza
17:20:22.218 Initialize success
17:20:44.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:20:44.796 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
17:20:46.828 Disk 0 MBR read successfully
17:20:46.828 Disk 0 MBR scan
17:20:46.843 Disk 0 Windows XP default MBR code
17:20:48.843 Disk 0 scanning sectors +312496380
17:20:48.875 Disk 0 scanning C:\WINDOWS\system32\drivers
17:20:56.265 Service scanning
17:20:57.140 Disk 0 trace - called modules:
17:20:57.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:20:57.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b3ab8]
17:20:57.156 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a612810]
17:20:57.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5c9940]
17:20:57.171 Scan finished successfully
17:27:18.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\MBR.dat"
17:27:18.187 The log file has been saved successfully to "C:\Documents and Settings\Aliza\Desktop\aswMBR.txt"