w32.crypt infection

#1
Maxihup
Hi and thanks for this site and your help.

Got some OfficeScan popups saying I have a w32.crypt infection. Also had a shopathome.com toolbar come up in IE a few days ago. I disabled that, but the computer is still slow and still getting OfficeScan alerts. Also having all kinds of Java errors. Please assist.

Here is the last virus found by OfficeScan:

JS_OBFUSCA.SM


Also found this greyware:

ADW_YABECTOR

Here is my OTL scan log:


OTL logfile created on: 7/6/2011 1:47:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 27.79% Memory free
3.78 Gb Paging File | 2.38 Gb Available in Paging File | 62.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 53.03 Gb Free Space | 35.58% Space Free | Partition Type: NTFS

Computer Name: Edited | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/11 21:07:51 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 05:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/12/15 02:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
PRC - [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 06:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/04/01 10:57:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/21 11:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 09:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 12:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/07/20 11:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/12/12 19:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2008/04/14 04:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 10:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/07 13:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 03:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 19:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 19:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 21:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 21:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 11:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 11:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 15:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 15:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 15:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 21:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 16:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/20 11:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 11:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 06:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 22:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 20:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 20:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/12 16:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/09 18:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 18:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 18:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 17:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 13:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 10:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]

[2009/06/01 17:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/07/02 15:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
[2011/03/29 09:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 20:35:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/06 10:34:12 | 000,305,837 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10528 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
OO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\virus
[2011/07/02 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/06/29 11:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PINCodes
[2011/06/27 11:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Oak Tree Market
[2011/06/15 11:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/10 14:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Star Trek - Armada
[2011/06/10 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/06/08 17:06:58 | 000,000,000 | ---D | C] -- C:\StarTopia Demo
[2011/06/07 13:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Coursesmart 0611
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 13:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/07/06 13:18:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 13:08:26 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/07/06 12:40:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/06 12:04:47 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/07/06 10:35:27 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/07/05 21:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 18:31:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/05 16:24:02 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/07/03 20:57:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 20:52:03 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/03 20:52:03 | 000,087,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/03 20:46:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/20 12:24:56 | 007,565,285 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\slow-blues-A-dolphinstreet.mp3
[2011/06/18 12:23:09 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/06/15 11:02:53 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 12:39:38 | 000,067,858 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\OLD HM access process card(rebranded).pdf
[2011/06/08 17:08:10 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\StarTopia Demo.lnk
[2011/06/08 17:06:07 | 088,725,504 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\startopiademo1.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/20 12:24:05 | 007,565,285 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\slow-blues-A-dolphinstreet.mp3
[2011/06/15 11:02:53 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 12:39:38 | 000,067,858 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\OLD HM access process card(rebranded).pdf
[2011/06/08 17:08:10 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\StarTopia Demo.lnk
[2011/06/08 17:05:54 | 088,725,504 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\startopiademo1.exe
[2011/03/25 11:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 21:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 11:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 11:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 14:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 15:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 12:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 14:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 14:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 13:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/04/05 13:57:37 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010/03/29 09:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 15:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 15:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 15:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 15:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 15:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 15:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 15:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 15:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 15:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 15:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 15:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 15:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 16:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 16:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 19:47:59 | 000,065,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 14:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 14:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 14:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 14:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 01:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 01:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 01:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 11:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 17:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 12:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 18:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 18:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 14:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 02:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 02:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 02:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 02:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 07:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 07:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 07:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 03:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 03:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 08:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 08:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 08:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 07:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 07:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 07:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 07:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 07:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 08:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 22:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 17:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 17:54:36 | 000,335,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 10:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 10:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 10:25:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 10:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 10:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 10:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 10:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 10:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 10:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 10:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 10:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 09:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 09:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 09:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 17:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,087,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/12/31 16:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 16:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/04/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 16:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/07/06 09:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/07 02:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/10/23 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/21 12:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2008/10/17 10:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/07/03 20:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/07/01 05:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/05/25 15:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Glory of the Roman Empire Demo
[2011/04/04 10:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 22:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2010/12/29 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2010/12/02 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/01/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong
[2009/05/18 14:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 12:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/01/26 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/04/24 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 13:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/01/05 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 14:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 11:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay - could you run a fresh OTL scan for me please (there will only be one log this time)

Download aswMBR.exe (1.8 MB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thanks much for your help.

Here is the new OTL log:

OTL logfile created on: 7/15/2011 3:34:16 PM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.95% Memory free
3.78 Gb Paging File | 2.44 Gb Available in Paging File | 64.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 52.42 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: stderUSER1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/11 21:07:51 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 05:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/12/15 02:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
PRC - [2010/12/01 14:49:56 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 06:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/04/01 10:57:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/21 11:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 09:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 12:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/07/20 11:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/12/12 19:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2010/08/04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll
MOD - [2008/04/14 04:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 10:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/07 13:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 03:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 19:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 19:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 21:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 21:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 11:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 11:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 15:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 15:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 15:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 21:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 16:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/20 11:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 11:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 06:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 22:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 20:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 20:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/12 16:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/09 18:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 18:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 18:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 17:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 13:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 10:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]

[2009/06/01 17:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/07/02 15:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
[2011/03/29 09:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 20:35:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/15 11:31:25 | 000,305,837 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10528 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://ohcinav01:43...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://stderav01:43...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {21EC36C8-5D54-4EF8-AAFC-BE6D34661A2A} http://magellan.dolp...tBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 11:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Oak Tree Market
[2011/07/06 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\virus
[2011/07/02 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/06/29 11:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PINCodes
[2011/06/27 11:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Oak Tree Market
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/15 15:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/07/15 15:18:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/15 15:06:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/15 11:13:40 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/15 11:13:40 | 000,087,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/15 11:10:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 11:10:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 11:07:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 22:44:09 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/07/14 16:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/07/14 10:01:43 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/07/13 12:52:03 | 000,292,480 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Consent.JPG
[2011/07/13 12:44:53 | 000,048,992 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\consent_form_20110713[1].pdf
[2011/07/12 18:31:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/06 12:04:47 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/06/20 12:24:56 | 007,565,285 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\slow-blues-A-dolphinstreet.mp3
[2011/06/18 12:23:09 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/13 12:52:03 | 000,292,480 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Consent.JPG
[2011/07/13 12:44:53 | 000,048,992 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\consent_form_20110713[1].pdf
[2011/06/20 12:24:05 | 007,565,285 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\slow-blues-A-dolphinstreet.mp3
[2011/03/25 11:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 21:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 11:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 11:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 14:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 15:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 12:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 14:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 14:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 13:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/04/05 13:57:37 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010/03/29 09:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 15:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 15:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 15:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 15:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 15:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 15:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 15:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 15:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 15:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 15:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 15:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 15:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 16:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 16:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 19:47:59 | 000,065,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 14:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 14:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 14:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 14:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 01:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 01:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 01:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 11:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 17:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 12:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 18:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 18:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 14:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 02:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 02:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 02:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 02:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 07:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 07:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 07:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 03:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 03:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 08:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 08:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 08:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 07:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 07:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 07:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 07:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 07:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 08:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 22:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 17:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 17:54:36 | 000,335,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 10:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 10:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 10:25:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 10:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 10:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 10:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 10:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 10:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 10:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 10:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 10:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 09:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 09:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 09:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 17:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,087,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/12/31 16:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 16:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/04/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 16:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/07/15 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/07 02:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/10/23 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/21 12:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2008/10/17 10:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/07/15 11:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/07/08 10:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/05/25 15:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Glory of the Roman Empire Demo
[2011/04/04 10:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 22:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2010/12/29 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2010/12/02 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/01/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong
[2009/05/18 14:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 12:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/01/26 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/04/24 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 13:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/07/14 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 14:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 11:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Here is the aswMBR log:

aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-07-15 15:55:43
-----------------------------
15:55:43.015 OS Version: Windows 5.1.2600 Service Pack 3
15:55:43.015 Number of processors: 2 586 0x170A
15:55:43.015 ComputerName: stderUSER1 UserName: user1
15:55:45.125 Initialize success
15:56:59.656 AVAST engine defs: 11071501
15:57:07.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:57:07.812 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
15:57:07.843 Disk 0 MBR read successfully
15:57:07.843 Disk 0 MBR scan
15:57:07.921 Disk 0 Windows XP default MBR code
15:57:07.937 Disk 0 scanning sectors +312575760
15:57:08.062 Disk 0 scanning C:\WINDOWS\system32\drivers
15:57:12.796 File: C:\WINDOWS\system32\drivers\ati2mtag.sys **SUSPICIOUS**
15:57:18.406 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
15:58:01.437 Service scanning
15:58:02.750 Disk 0 trace - called modules:
15:58:02.765
15:58:03.828 AVAST engine scan C:\WINDOWS
16:07:10.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\virus\MBR.dat"
16:07:10.390 The log file has been saved successfully to "C:\Documents and Settings\user1 \Desktop\virus\aswMBR071511.txt"
#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's now check out the suspicious files.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#5
Maxihup
    Member
  • Topic Starter
  • Member
  • 64 posts
Tried to run ComboFix (after turning off AV software). It did not try to install the Recovery Console.

Kept getting dialog boxes saying it could not find NIRCMD and NIRKMD. Hit OK and it would continue on, but the boxes kept coming up.

Also got boxes saying PEV.cfxxe encountered a problem and needs to close. Hit OK and the stage would complete. Got the PEV.cfxxe warning between each stage of ComboFix and many errors in ComboFix about NIRCMD and NIRKMD.

Here is the log produced:

ComboFix 11-07-15.02 - user1 07/15/2011 17:11:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.989 [GMT -5:00]
Running from: C:\Documents and Settings\user1\Desktop\ComboFix.exe
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

/wow section - STAGE 4
'NIRCMD' is not recognized as an internal or external command
'NIRCMD' is not recognized as an internal or external command
The system cannot find the file NIRKMD.
'NircmdB.exe' is not recognized as an internal or external command
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file tempAA.
Could Not Find C:\ComboFix\tempAA

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.

/wow section - STAGE 27

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file temp0400.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
FINDSTR: Cannot read file list from temp0400

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file temp0700.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp0800: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp0900: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp1500: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp1505: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.
'.0.\\.' is not recognized as an internal or external command

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
FINDSTR: Cannot open temp2000

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp2201: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
temp2200The system cannot find the file specified.
SED: can't read temp2201: No such file or directory
SED: can't read temp2201: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp2400: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
grep: temp2401: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.
'NIRCMD' is not recognized as an internal or external command

/wow section - STAGE 48

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read WrgNameDLL00: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read VList02: No such file or directory
SED: can't read VList02: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
v-tmp0.datThe system cannot find the file specified.
SED: can't read temp3100: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read OriO4Files.dat: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
OriO4FilesB.datThe system cannot find the file specified.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
Could Not Find C:\ComboFix\OriO400

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory
FINDSTR: Cannot open temp3300
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
SED: can't read temp3300: No such file or directory

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file NIRKMD.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file temp4700.
The system cannot find the file temp4700.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file temp4700.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The system cannot find the file temp4700.
Could Not Find C:\ComboFix\temp4700

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
The process cannot access the file because it is being used by another process.

/wow section not completed
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, something is blocking us; time to change tack.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First, we will run a virus scan.
On the first tab, select all elements down to Computer and then select start scan.
Once it has finished, select report and post that.

Posted Image

Do not close AVPTool or it will self-uninstall; if it does uninstall, just rerun the setup file on your desktop.

Now an analysis scan:
Select the Manual Disinfection tab.
Press the Gather System Information button.
Once done, open the last report saved folder, then attach the zip file to your next post.
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#9
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Thanks for reopening. Here is a fresh OTL log:

OTL logfile created on: 7/27/2011 2:22:33 PM - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 33.09% Memory free
3.78 Gb Paging File | 2.61 Gb Available in Paging File | 69.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 71.29 Gb Free Space | 47.83% Space Free | Partition Type: NTFS

Computer Name: Comp1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/11 21:07:51 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 05:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/12/15 02:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 06:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/04/01 10:57:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/10/21 11:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 09:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 12:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/07/20 11:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/12/12 19:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2008/04/14 04:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 10:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/07 13:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 03:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 19:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 19:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 21:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 21:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 11:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 11:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 15:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 15:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 15:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 21:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 16:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/08/20 11:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 11:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 06:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 22:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 20:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 20:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/12 16:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/09 18:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 18:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 18:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 17:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 13:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 10:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]

[2009/06/01 17:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/07/02 15:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
[2011/03/29 09:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 20:35:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/27 09:27:56 | 000,305,837 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10528 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 19:45:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/15 17:08:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/15 17:08:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/15 17:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/15 17:07:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/15 17:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/15 17:03:41 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:03:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 17:01:35 | 004,153,571 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/06 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\virus
[2011/07/02 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates
[2011/06/29 11:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PINCodes
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 14:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/07/27 14:18:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 13:39:33 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/07/27 12:54:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/27 09:32:20 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/07/27 09:07:02 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/27 09:07:02 | 000,087,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/27 09:04:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 09:03:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 09:02:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 05:49:45 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/07/26 18:31:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/26 16:24:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/07/25 12:07:35 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/07/22 13:22:38 | 012,764,473 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/15 17:03:41 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:01:37 | 004,153,571 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/14 13:42:44 | 000,672,654 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 13:22:20 | 012,764,473 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/16 15:08:29 | 000,672,654 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp
[2011/07/15 17:08:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/15 17:08:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/15 17:08:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/15 17:08:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/15 17:08:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 11:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 21:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 11:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 11:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 14:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 15:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 12:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 14:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 14:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 13:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/04/05 13:57:37 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010/03/29 09:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 15:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 15:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 15:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 15:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 15:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 15:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 15:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 15:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 15:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 15:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 15:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 15:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 16:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 16:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 19:47:59 | 000,065,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 14:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 14:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 14:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 14:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 01:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 01:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 01:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 11:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 17:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 12:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 18:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 18:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 14:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 02:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 02:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 02:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 02:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 07:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 07:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 07:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 03:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 03:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 08:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 08:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 08:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 07:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 07:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 07:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 07:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 07:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 08:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 22:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 17:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 17:54:36 | 000,335,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 10:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 10:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 10:25:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 10:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 10:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 10:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 10:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 10:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 10:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 10:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 10:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 09:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 09:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 09:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 17:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,087,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0
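The log above is long, and the lines that matter to a helper are scattered through it: the O33 MountPoints2 entries (a command Windows stored for a removable drive that would run a file off that drive), the O4 Run entry with an empty company field, the O16 DPF control OTL could not resolve, the two Alternate Data Streams, and the O6/O7 AutoRun policy values, which are only meaningful once decoded. The script below is an added example for this thread, not part of OTL or of any post in it; it parses those OTL line formats and returns them as findings. The sample log is a constructed excerpt modelled on the log posted above, and the regular expressions are my own reading of the OTL line layout, not an official OTL format specification.

```python
"""Triage helper for OTL quick-scan logs.

Added example for this thread, not part of OTL or of the original posts.
It reads the OTL line formats seen in the log above and returns the items
a helper usually looks at first:

  * O33 MountPoints2 AutoRun/open handlers (a command stored for a
    removable drive, pointing at a file on the drive itself)
  * O4 Run entries whose file carries no company name, shown as "()"
  * O16 DPF controls OTL could not resolve ("Reg Error")
  * Alternate Data Streams
  * the O6/O7 AutoRun policy values, decoded bit by bit
"""
import re

# NoDriveTypeAutoRun: bit n disables AutoRun for GetDriveType() result n;
# 0x80 covers drive types Windows does not otherwise classify.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "UNSPECIFIED",
}

# Line layouts as they appear in OTL output (my reading, not an OTL spec).
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
                   r"(?P<path>.*?) \((?P<company>[^)]*)\)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)'
                    r'\\command - "" = (?P<cmd>.+)$')
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\}) (?P<url>\S+) \((?P<desc>[^)]*)\)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
POLICY_RE = re.compile(r"^O[67] - (?P<hive>HK\w+)\\.*?policies\\Explorer: "
                       r"(?P<name>NoDrive\w+) = (?P<value>\d+)$")


def classify(line):
    """Return a finding dict for one OTL line, or None if it is unremarkable."""
    m = O33_RE.match(line)
    if m:
        return {"type": "mountpoints2_autorun", "guid": m["guid"],
                "verb": m["verb"], "command": m["cmd"], "line": line}
    m = O4_RE.match(line)
    if m and not m["company"]:
        return {"type": "run_no_company", "hive": m["hive"],
                "name": m["name"], "path": m["path"], "line": line}
    m = O16_RE.match(line)
    if m and m["desc"].startswith("Reg Error"):
        return {"type": "dpf_unresolved", "clsid": m["clsid"],
                "url": m["url"], "line": line}
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "bytes": int(m["size"]), "path": m["path"], "line": line}
    return None


def triage(log_text):
    """Findings for every line of an OTL log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        finding = classify(raw.strip())
        if finding:
            findings.append(finding)
    return findings


def autorun_policy(log_text):
    """Decode NoDriveTypeAutoRun / NoDriveAutoRun per hive from O6/O7 lines."""
    policy = {}
    for raw in log_text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if not m:
            continue
        value = int(m["value"])
        hive = policy.setdefault(m["hive"], {})
        if m["name"] == "NoDriveTypeAutoRun":
            hive["NoDriveTypeAutoRun"] = {
                "value": value,
                "disabled_types": [n for b, n in DRIVE_TYPE_BITS.items() if value & b],
                # 0x04 | 0x20: the two drive types an autorun.inf relies on
                "removable_and_cdrom_blocked": (value & 0x24) == 0x24,
            }
        elif m["name"] == "NoDriveAutoRun":
            # bit n disables AutoRun for drive letter A+n, whatever its type
            hive["NoDriveAutoRun"] = {
                "value": value,
                "disabled_letters": [chr(65 + n) for n in range(26) if (value >> n) & 1],
            }
    return policy


# Constructed excerpt modelled on the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["type"].ljust(22), f["line"])
    for hive, values in autorun_policy(SAMPLE_LOG).items():
        print(hive, values)
```

Two things the decode makes visible that the raw numbers hide: NoDriveTypeAutoRun = 323 leaves the removable and CD-ROM bits (0x04 and 0x20) clear, so by drive type AutoRun is still allowed on exactly the media an autorun.inf would use, while NoDriveAutoRun = 67108863 (2^26 - 1) disables it for every drive letter A through Z, which is what actually keeps the MountPoints2 handler from firing. A MountPoints2 entry is a cached record of a drive that was once plugged in, so its presence alone does not say the file is still around; it is the reason to check what E:\DRIVE\file.exe was and whether that drive is still in use.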

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, can you let me know what the current problems are?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    [2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
    [2011/07/02 15:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\SelectRebates


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
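The fix script above ends with a [resethosts] command, which replaces the Windows hosts file with a stock one, and the next post shows that step is exactly where OTL stalls on this machine. The check below is an added example for this thread, not part of OTL or of any post in it; it shows what such a reset is undoing by listing every hosts-file mapping beyond the two default localhost lines, telling blocked hostnames (pointed at loopback or 0.0.0.0) apart from redirected ones. The sample hosts content is constructed, and its hostnames are placeholders.

```python
"""Hosts-file check: what an OTL [resethosts] step is undoing.

Added example for this thread, not part of OTL or of the original posts.
Malware commonly edits the Windows hosts file to block update or
security-vendor hostnames (pointing them at loopback) or to redirect
others. This reports every mapping beyond the stock localhost lines.
"""
import ipaddress

# The only mappings a stock Windows hosts file carries.
DEFAULT_MAPPINGS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, one per name, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            yield fields[0], name.lower()


def suspicious_entries(text):
    """Return non-default hosts entries, each with a reason string."""
    found = []
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_MAPPINGS:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            found.append({"ip": ip, "host": host, "reason": "unparseable address"})
            continue
        if addr.is_loopback or addr.is_unspecified:
            reason = "blocked (points at loopback or 0.0.0.0)"
        else:
            reason = "redirected to " + ip
        found.append({"ip": ip, "host": host, "reason": reason})
    return found


# Constructed sample; the hostnames are placeholders, not real sites.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test    # update host blocked
10.20.30.40     www.example-bank.test     # hostname redirected
"""

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_HOSTS):
        print("%-15s %-28s %s" % (entry["ip"], entry["host"], entry["reason"]))
```

On a real machine the file to read is %SystemRoot%\System32\drivers\etc\hosts; an empty result from suspicious_entries() is the normal state. Note that some legitimate ad-blocking setups also fill hosts with loopback entries, so a long list of blocked hostnames is a prompt to look at which names are blocked, not proof of infection by itself.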

#11
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Doing this gives an OTL error: Cannot create File C:\\Windows\System32\drivers\etc\Hosts.

Hit OK

Program has text in bottom of window: Resetting Hosts file. DO NOT INTERRUPT

Desktop completely gone except for OTL window

Will update as (if) it progresses.

Edited by Maxihup, 27 July 2011 - 02:24 PM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sometimes it does hang there - if you get bored in about two minutes then close OTL and reboot :)
  • 0

#13
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Still hung. Gonna close and reboot. Want me to try it again after reboot?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, it shouldn't require it, as resethost was the last element anyway.
  • 0

#15
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Rebooted.

OTL ran on reboot. Message:

Files\Folders moved on Reboot...
C:\\Windows\System32\drivers\etc\Hosts moved successfully

Registry entries deleted on Reboot...


Quick Scanning now

Edited by Maxihup, 27 July 2011 - 02:44 PM.

  • 0
