w32.crypt infection


  • This topic is locked

#16 Maxihup

  • Topic Starter
  • Member
  • 64 posts
OTL logfile created on: 7/27/2011 3:44:38 PM - Run 4
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 65.16% Memory free
3.78 Gb Paging File | 3.24 Gb Available in Paging File | 85.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 71.30 Gb Free Space | 47.84% Space Free | Partition Type: NTFS
Drive D: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: computer1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/11 21:07:51 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 05:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 06:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/04/01 10:57:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/10/21 11:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 09:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 12:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/07/20 11:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/12/12 19:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2008/04/14 04:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 10:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/07 13:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 03:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 19:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 19:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 21:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 21:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 11:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 11:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 15:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 15:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 15:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 21:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 16:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/08/20 11:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 11:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 06:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 22:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 20:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 20:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/12 16:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/09 18:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 18:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 18:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 17:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 13:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 10:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]

[2009/06/01 17:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/07/02 15:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
[2011/03/29 09:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 20:35:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} http://magellan.ceng...Integration.cab (Siebel Desktop Integration)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 15:19:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/15 19:45:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/15 17:08:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/15 17:08:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/15 17:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/15 17:07:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/15 17:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/15 17:03:41 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:03:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 17:01:35 | 004,153,571 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/06 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\virus
[2011/06/29 11:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PINCodes
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/27 15:43:52 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/27 15:43:52 | 000,087,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/27 15:40:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 15:40:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 15:39:34 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/27 15:39:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 15:24:24 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/07/27 15:18:23 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/27 13:39:33 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/07/27 09:32:20 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/07/27 05:49:45 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/07/26 18:31:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/26 16:24:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/07/25 12:07:35 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/07/22 13:22:38 | 012,764,473 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/15 17:03:41 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:01:37 | 004,153,571 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/14 13:42:44 | 000,672,654 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/22 13:22:20 | 012,764,473 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/16 15:08:29 | 000,672,654 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp
[2011/07/15 17:08:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/15 17:08:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/15 17:08:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/15 17:08:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/15 17:08:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 11:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 21:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 11:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 11:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 14:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 15:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 12:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 14:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 14:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 13:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/04/05 13:57:37 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010/03/29 09:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 15:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 15:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 15:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 15:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 15:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 15:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 15:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 15:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 15:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 15:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 15:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 15:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 16:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 16:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 19:47:59 | 000,065,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 14:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 14:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 14:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 14:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 01:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 01:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 01:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 11:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 17:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 12:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 18:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 18:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 14:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 02:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 02:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 02:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 02:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 07:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 07:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 07:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 03:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 03:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 08:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 08:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 08:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 07:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 07:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 07:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 07:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 07:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 08:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 22:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 17:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 17:54:36 | 000,335,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 10:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 10:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 10:25:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 10:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 10:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 10:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 10:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 10:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 10:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 10:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 10:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 09:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 09:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 09:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 17:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,087,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/12/31 16:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 16:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/04/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 16:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/07/15 17:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/07 02:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/10/23 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/21 12:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2008/10/17 10:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/07/27 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/07/21 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/05/25 15:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Glory of the Roman Empire Demo
[2011/04/04 10:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 22:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2010/12/29 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2010/12/02 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/01/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong
[2009/05/18 14:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 12:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/01/26 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/04/24 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 13:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/07/14 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 14:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 11:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, missed a bit - what are your current problems?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
    [2011/01/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#18
Maxihup

    Member

  • Topic Starter
  • Member
  • 64 posts
Got this log from the fix last night:

All processes killed
========== OTL ==========
Folder C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]\ not found.
Folder C:\Documents and Settings\user1\Application Data\PriceGong\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user1\Desktop\virus\cmd.bat deleted successfully.
C:\Documents and Settings\user1\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 299223 bytes
->Temporary Internet Files folder emptied: 48302421 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: user1
->Temp folder emptied: 68648888 bytes
->Temporary Internet Files folder emptied: 561091971 bytes
->Java cache emptied: 12265700 bytes
->FireFox cache emptied: 904122492 bytes
->Google Chrome cache emptied: 94020257 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 94992 bytes

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1996869 bytes

User: NetworkService
->Temp folder emptied: 2688 bytes
->Temporary Internet Files folder emptied: 3273977 bytes

User: selfhelp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164323 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 82070143 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 398789123 bytes

Total Files Cleaned = 2,077.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: user1
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: selfhelp

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.0 log created on 07272011_210045

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#19
Maxihup

    Member

  • Topic Starter
  • Member
  • 64 posts
And fresh OTL log.

Still running slow, with lots of Java errors. Google Maps freezes.


OTL logfile created on: 7/28/2011 8:41:40 PM - Run 5
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.28 Gb Available Physical Memory | 14.66% Memory free
3.78 Gb Paging File | 1.90 Gb Available in Paging File | 50.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 72.88 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive D: | 2.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: Computer1| User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/04/11 21:07:51 | 002,615,624 | ---- | M] (Immunet) -- C:\Program Files\Immunet Protect\2.0.17\iptray.exe
PRC - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 05:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/12/15 02:54:24 | 000,445,048 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TunnelServer.exe
PRC - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 06:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
PRC - [2010/04/01 10:57:52 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/10/21 11:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 09:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 12:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 20:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/07/20 11:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/12/12 19:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 13:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2008/04/14 04:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 21:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 10:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 13:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 20:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 20:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 06:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 12:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 12:34:30 | 000,345,424 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 01:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/05/07 13:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 03:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 12:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 17:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 07:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 19:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 19:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 19:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 21:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/04/11 21:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 21:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 11:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 11:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 15:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 15:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 15:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 21:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/10/20 19:45:16 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 19:45:06 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 19:30:02 | 001,331,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2010/07/21 16:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009/08/20 11:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 11:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 19:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 06:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 23:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 22:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 20:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 20:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/12 16:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/09 18:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 18:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 18:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 13:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 13:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 17:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 13:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 10:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 09:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 20:35:25 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/16 11:08:07 | 000,000,000 | ---D | M]

[2009/06/01 17:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/07/02 15:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/07/02 15:37:46 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions\[email protected]
[2011/03/29 09:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/22 20:35:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/28 11:02:11 | 000,000,167 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: റഊഊ㘊⸹㈳ㄮ㠲㈮〰愉捣獥⹳散杮条⹥潣䄣䑄䑅䈠⁙㕆丠呅佗䭒⁓卓⁌啔乎䱅ⴠ传䥒䥇䅎⁌䕒佃䑒ണ㘊⸹㈳ㄮ㠲㈮〰愉捣獥⁳䄣䑄䑅䈠⁙㕆丠呅佗䭒⁓卓⁌啔乎䱅ⴠ传䥒䥇䅎⁌䕒佃䑒#ox\searchplugins\yahoo.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 22:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 15:19:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/15 19:45:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/15 17:08:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/15 17:08:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/15 17:08:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/15 17:07:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/15 17:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/15 17:03:41 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:03:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/15 17:01:35 | 004,153,571 | R--- | C] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/06 13:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\virus
[2011/06/29 11:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\PINCodes

========== Files - Modified Within 30 Days ==========

[2011/07/28 20:24:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/07/28 20:18:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/28 16:24:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/07/28 16:12:56 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/07/28 14:35:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/28 13:23:36 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/07/28 11:04:37 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/07/28 11:02:11 | 000,000,167 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/28 09:44:34 | 000,466,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/28 09:44:34 | 000,087,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/27 21:32:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 21:31:57 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/27 21:30:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/26 18:31:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/25 12:07:35 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/07/22 13:22:38 | 012,764,473 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/15 17:03:41 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2011/07/15 17:01:37 | 004,153,571 | R--- | M] (Swearware) -- C:\Documents and Settings\user1\Desktop\ComboFix.exe
[2011/07/14 13:42:44 | 000,672,654 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp

========== Files Created - No Company Name ==========

[2011/07/22 13:22:20 | 012,764,473 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\voodoo child (2).mp3
[2011/07/22 11:30:12 | 000,026,104 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Farmrs marketbookmarks.html
[2011/07/16 15:08:29 | 000,672,654 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Flyer Single.bmp
[2011/07/15 17:08:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/15 17:08:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/15 17:08:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/15 17:08:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/15 17:08:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 11:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 21:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 14:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 11:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 11:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 14:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 15:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 12:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 14:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 14:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 13:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/04/05 13:57:37 | 000,499,200 | ---- | C] () -- C:\WINDOWS\System32\WZDPlay.dll
[2010/03/29 09:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 15:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 15:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 15:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 15:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 15:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 15:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 15:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 15:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 15:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 15:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 15:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 15:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 16:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 16:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 19:47:59 | 000,065,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 14:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 14:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 14:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 14:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 14:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 01:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 01:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 01:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 11:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 17:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 12:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 18:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 18:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 14:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 02:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 02:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 02:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 02:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 02:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 07:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 07:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 07:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 03:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 03:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 08:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 08:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 08:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 08:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 07:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 07:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 07:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 07:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 07:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 08:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 22:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 21:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 17:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 17:54:36 | 000,335,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 10:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 10:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 10:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 10:25:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 10:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 10:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 10:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 10:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 10:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 10:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 10:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 10:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 10:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 09:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 09:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 09:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 17:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,466,930 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,087,172 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 15:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/12/31 16:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 16:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/04/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 16:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/07/15 17:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/07 02:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/10/23 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/21 12:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2008/10/17 10:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/07/28 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/07/21 15:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/05/25 15:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Glory of the Roman Empire Demo
[2011/04/04 10:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 22:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2010/12/29 11:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2010/12/02 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 20:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/01/21 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong
[2009/05/18 14:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 09:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 12:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 13:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/01/26 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/04/24 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 13:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/07/14 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 14:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 14:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 11:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
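The LOP Check and Alternate Data Streams sections above are the part of an OTL report a helper reads first, so here is an added example (not part of the thread, and not OTL's own code) of a small Python triage helper that parses those two line shapes and flags what a reviewer would look at: hidden folders, GUID-named folders, folders modified close to the scan, and any path that carries alternate data streams. The sample input is six lines copied from the report above; the scan date (27 July 2011) and the 30-day "recent" window are assumptions passed in as parameters.

```python
"""Triage helper for OTL log entries (LOP Check / Alternate Data Streams).

Added example, not OTL's code. Parses the two line shapes OTL prints and
returns the paths worth a second look, with a reason for each.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# "[date time | size | attrs | C/M] -- path"
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] -- (?P<path>.+)$"
)
# "@Alternate Data Stream - N bytes -> host:streamname"
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
GUID_RE = re.compile(r"\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str      # OTL attribute column, e.g. "-H-D" (H = hidden, D = directory)
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs


@dataclass
class Stream:
    size: int
    host: str       # file or directory the stream is attached to
    name: str       # stream name after the colon


def parse_otl(text: str):
    """Split OTL text into (entries, streams); unknown lines are ignored."""
    entries, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):
            entries.append(Entry(
                when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                path=m["path"],
            ))
        elif m := ADS_RE.match(line):
            streams.append(Stream(int(m["size"]), m["path"], m["stream"]))
    return entries, streams


def triage(entries, streams, scan_date, recent_days=30):
    """Return {path: [reasons]} for items a reviewer should look at first."""
    findings = {}

    def note(path, reason):
        findings.setdefault(path, []).append(reason)

    cutoff = scan_date - timedelta(days=recent_days)
    by_host = {}
    for s in streams:
        by_host.setdefault(s.host, []).append(s)

    for e in entries:
        if e.hidden:
            note(e.path, "hidden attribute set")
        if GUID_RE.search(e.path):
            note(e.path, "GUID-named folder: look up the GUID before deciding")
        if e.when >= cutoff:
            note(e.path, f"modified within {recent_days} days of the scan")
    for host, ss in by_host.items():
        names = ", ".join(f"{s.name} ({s.size} B)" for s in ss)
        note(host, f"{len(ss)} alternate data stream(s): {names}")
    return findings


# Sample input: lines copied from the OTL report above.
SAMPLE_LOG = r"""
[2009/12/31 16:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/07/15 17:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 15:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/28 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""
SCAN_DATE = datetime(2011, 7, 27)   # assumed scan date for the example

if __name__ == "__main__":
    entries, streams = parse_otl(SAMPLE_LOG)
    for path, reasons in triage(entries, streams, SCAN_DATE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the lines above it puts the All Users\Application Data\TEMP folder at the top: recently modified and carrying two small, hex-named streams. That is a reason to look, not a verdict; OTL only reports that the streams exist. On Windows XP, where PowerShell's stream support is not available, Sysinternals Streams (streams.exe) can list the stream contents and delete them if a helper decides they should go.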

#20 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I see you have run combofix, could you post that log please. As for the Java, could you uninstall your current version and download the latest version from here: Java SE 6 Update 26

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#21 Maxihup (Member, Topic Starter, 64 posts)
Have not run combofix recently. Is that something OTL would run? Any idea where that log would be?

Here is the MBAM log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7345

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/1/2011 10:19:34 AM
mbam-log-2011-08-01 (10-19-33).txt

Scan type: Quick scan
Objects scanned: 197856
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#22 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, no problem if it is old. What are your current problems?

#23 Maxihup (Member, Topic Starter, 64 posts)
Computer is still super slow and IE freezes quite a bit.

#24 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's do a little TLC before I remove my tools to see if that helps. But first let's update IE to version 8.

Download and Install IE8 from here

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

Download and run Puran Disc Defragmenter.
For the first run I would recommend a boot defrag and disk check.

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.