Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PUM.Bad.Proxy - found in Malwarebytes - can't get rid of it


  • This topic is locked This topic is locked

#1
danimal2011

danimal2011

    Member

  • Member
  • PipPip
  • 10 posts
Hello,
I'm new to this forum. Looked at other places for help but this forum seemed to be very friendly and knowledgeable. Thank you in advance for any help I can obtain!

I recently discovered "PUM.Bad.Proxy" in Malwarebytes but there seems to be very limited information on how to remove this malware on the web.

Steps I have taken already:
1. IE8 proxy removal of numbers/ports/unchecked all boxes....didn't work (I use Mozilla Firefox 5.0 regularly)
2. Tried other Kaspersky removal tools (ie. TDSKiller, etc)...didn't yield any results
3. Avast antivirus is clean
4. Super AntiSpyware is clean (except for an adware cookie here and there..)
5. gpedit.msc - didn't work
6. Updated to Java 6 - #26 (uninstalled all previous older versions)

Things I've noticed:
1. My WiFi intermittently cuts out and I have to reboot to reconnect
2. Windows Updates seem to have stopped (don't know if that's because I use PeerBlock)?

I have attached the OTL.txt file, as requested.

Any steps, suggestions, or help removing this malware would be greatly appreciated!

Thanks,
Danimal

OTL logfile created on: 7/6/2011 3:16:43 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\DRUMZ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.35% Memory free
3.84 Gb Paging File | 2.44 Gb Available in Paging File | 63.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 3.44 Gb Free Space | 3.69% Space Free | Partition Type: NTFS

Computer Name: DANIMAL | User Name: DRUMZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/30 20:21:49 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/23 20:09:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/06 22:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 16:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (DataSvr2)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/23 01:18:02 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/14 04:22:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\89215402.sys -- (89215402)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\8921540.sys -- (setup_9.0.0.722_27.01.2011_10-48drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\89215401.sys -- (89215401)
DRV - [2009/06/02 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/20 18:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 18:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/30 05:00:00 | 000,244,608 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/11/21 23:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 12:57:00 | 000,086,867 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/28 20:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3C 73 33 3F 2A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\DRUMZ\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 17:19:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKCU\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 17:19:46 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/02/08 00:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Extensions
[2011/06/28 19:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions
[2010/05/03 13:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/05 17:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/05 17:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/05 14:31:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/02/14 12:31:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 20:09:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/05 14:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/02 23:23:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell - "" = AutoRun
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 15:14:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 15:39:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/05 14:20:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DRUMZ\Recent
[2011/07/04 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2011/07/03 19:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\MixMeister Technology
[2011/07/03 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MixMeister Studio 7.2.2
[2011/07/03 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\MixMeister Studio 7.2.2
[2011/07/01 12:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\AVS4YOU
[2011/06/26 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\Roxio
[2011/06/24 17:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\FrostWire
[2011/06/24 17:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/24 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\FrostWire
[2011/06/24 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 15:21:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 09:21:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 21:34:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/05 21:30:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/05 21:30:17 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 21:26:12 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat
[2011/07/05 20:57:49 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 14:31:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 19:53:15 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/02 19:22:43 | 000,340,268 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2011/07/02 19:22:42 | 000,415,276 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2011/07/01 12:51:25 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/27 21:56:46 | 000,468,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 21:56:46 | 000,079,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 17:16:29 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk
[2011/06/09 20:41:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware V 1.51.0.1200.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 21:26:12 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat
[2011/07/03 19:53:15 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/01 12:51:25 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/24 17:16:29 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk
[2011/06/09 20:41:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware V 1.51.0.1200.lnk
[2011/01/21 16:23:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\housecall.guid.cache
[2010/12/09 04:58:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/07 17:41:02 | 000,139,801 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/12/07 17:41:01 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/10/04 12:57:57 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2010/10/04 12:57:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2010/09/14 13:59:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 10:49:15 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 00:49:22 | 012,063,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/06 04:14:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2010/03/06 04:07:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/02/24 01:41:46 | 000,340,268 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2010/02/24 01:41:39 | 000,415,276 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2010/02/19 14:39:00 | 000,078,998 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2010/02/19 14:39:00 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2010/02/11 10:45:36 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 00:55:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/08 00:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/08 00:54:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/08 00:54:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/08 00:54:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/08 00:31:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/06 12:27:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/02/06 12:27:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/02/03 03:22:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010/02/03 01:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010/02/03 01:09:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\fusioncache.dat
[2010/02/03 00:42:36 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2010/02/02 23:29:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 23:16:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/02 16:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/02 16:01:24 | 005,798,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/12 12:07:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/09/12 12:01:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/09/12 12:01:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/09/12 12:01:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/09/12 12:01:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/09/12 12:01:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/09/12 12:01:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/09/12 12:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/09/12 12:00:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/09/12 12:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/09/12 12:00:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/09/08 08:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/05 10:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/09/05 09:26:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/09/05 09:25:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/09/05 09:25:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/09/05 09:25:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/09/05 09:25:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/09/05 09:25:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/09/05 09:24:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/09/05 09:24:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/09/05 09:24:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/09/05 09:24:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,468,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,079,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/02/04 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/03 13:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2010/03/03 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/16 16:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2010/07/23 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/09 04:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/12/13 18:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/12/09 04:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/16 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2010/09/14 11:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/04/04 00:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/03 03:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2010/12/09 05:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/22 13:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/12/13 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/02/12 03:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/12/07 02:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/16 16:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/02/03 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/07/19 02:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/08/02 08:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/09 11:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/18 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Avery
[2010/02/03 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\BlazeVideo
[2011/06/24 17:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/13 04:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\LimeWire
[2010/08/24 21:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Opera
[2011/01/21 20:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\QuickScan
[2010/07/14 01:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\REAPER
[2010/09/14 10:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Research In Motion
[2010/02/16 16:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Simple Star
[2010/05/08 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Smith Micro
[2011/07/03 19:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\uTorrent
[2010/07/19 02:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Western Digital
[2010/02/03 02:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Zoner

========== Purity Check ==========



< End of report >

Edited by danimal2011, 06 July 2011 - 05:55 PM.

  • 0

Advertisements


#2
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hello danimal2011 and welcome to G2G, sorry about the delay.

I need to see a fresh log, please run a scan with OTL again and post the new log for my review. Thanks.
  • 0

#3
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the reply....Sempai. I have the virus quarantined in Malwarebytes and things are running ok for now, BUT everytime I delete it from quarantine, it reappears and causes internet problems (loss of wifi, etc.)

Here is my latest OTL scan:

OTL logfile created on: 7/11/2011 10:54:19 AM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\DRUMZ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 22.67% Memory free
3.84 Gb Paging File | 1.86 Gb Available in Paging File | 48.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 2.80 Gb Free Space | 3.01% Space Free | Partition Type: NTFS

Computer Name: DANIMAL | User Name: DRUMZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/30 20:21:49 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/23 20:09:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/06 22:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 16:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (DataSvr2)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/23 01:18:02 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/14 04:22:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\89215402.sys -- (89215402)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\8921540.sys -- (setup_9.0.0.722_27.01.2011_10-48drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\89215401.sys -- (89215401)
DRV - [2009/06/02 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/20 18:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 18:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/30 05:00:00 | 000,244,608 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/11/21 23:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 12:57:00 | 000,086,867 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/28 20:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3C 73 33 3F 2A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\DRUMZ\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 17:19:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKCU\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/05 17:19:46 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/02/08 00:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Extensions
[2011/06/28 19:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions
[2010/05/03 13:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/05 17:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/05 17:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/05 14:31:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/02/14 12:31:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 20:09:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/05 14:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/02 23:23:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell - "" = AutoRun
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae429139-9180-11df-804a-0016419d7bc5}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\AutoRun\command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell00\Command - "" = G:\Autorun.exe /run
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell01\Command - "" = G:\Autorun.exe /action
O33 - MountPoints2\{f65af5c2-1221-11df-bfb7-0016419d7bc5}\Shell\Shell02\Command - "" = G:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 15:46:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 15:39:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/05 14:20:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DRUMZ\Recent
[2011/07/04 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2011/07/03 19:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\MixMeister Technology
[2011/07/03 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MixMeister Studio 7.2.2
[2011/07/03 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\MixMeister Studio 7.2.2
[2011/07/01 12:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\AVS4YOU
[2011/06/26 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\Roxio
[2011/06/24 17:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\FrostWire
[2011/06/24 17:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/24 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\FrostWire
[2011/06/24 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 10:21:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 09:21:03 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 21:34:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/05 21:30:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/05 21:30:17 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 21:26:12 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat
[2011/07/05 20:57:49 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 14:31:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 19:53:15 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/02 19:22:43 | 000,340,268 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2011/07/02 19:22:42 | 000,415,276 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2011/07/01 12:51:25 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/27 21:56:46 | 000,468,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 21:56:46 | 000,079,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 17:16:29 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 21:26:12 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\Startup\_uninstall_setup_9.0.0.722_27.01.2011_10-48.bat
[2011/07/03 19:53:15 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/01 12:51:25 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/24 17:16:29 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk
[2011/01/21 16:23:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\housecall.guid.cache
[2010/12/09 04:58:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/07 17:41:02 | 000,139,801 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/12/07 17:41:01 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/10/04 12:57:57 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2010/10/04 12:57:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2010/09/14 13:59:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 10:49:15 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 00:49:22 | 012,063,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/06 04:14:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2010/03/06 04:07:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/02/24 01:41:46 | 000,340,268 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2010/02/24 01:41:39 | 000,415,276 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2010/02/19 14:39:00 | 000,078,998 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2010/02/19 14:39:00 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2010/02/11 10:45:36 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 00:55:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/08 00:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/08 00:54:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/08 00:54:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/08 00:54:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/08 00:31:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/06 12:27:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/02/06 12:27:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/02/03 03:22:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010/02/03 01:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010/02/03 01:09:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\fusioncache.dat
[2010/02/03 00:42:36 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2010/02/02 23:29:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 23:16:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/02 16:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/02 16:01:24 | 005,798,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/12 12:07:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/09/12 12:01:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/09/12 12:01:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/09/12 12:01:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/09/12 12:01:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/09/12 12:01:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/09/12 12:01:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/09/12 12:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/09/12 12:00:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/09/12 12:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/09/12 12:00:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/09/08 08:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/05 10:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/09/05 09:26:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/09/05 09:25:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/09/05 09:25:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/09/05 09:25:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/09/05 09:25:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/09/05 09:25:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/09/05 09:24:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/09/05 09:24:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/09/05 09:24:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/09/05 09:24:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,468,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,079,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/02/04 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/03 13:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2010/03/03 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/16 16:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2010/07/23 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/09 04:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/12/13 18:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/12/09 04:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/16 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2010/09/14 11:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/04/04 00:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/03 03:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2010/12/09 05:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/22 13:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/12/13 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/02/12 03:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/12/07 02:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/16 16:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/02/03 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/07/19 02:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/08/02 08:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/09 11:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/18 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Avery
[2010/02/03 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\BlazeVideo
[2011/06/24 17:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/13 04:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\LimeWire
[2010/08/24 21:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Opera
[2011/01/21 20:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\QuickScan
[2010/07/14 01:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\REAPER
[2010/09/14 10:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Research In Motion
[2010/02/16 16:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Simple Star
[2010/05/08 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Smith Micro
[2011/07/03 19:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\uTorrent
[2010/07/19 02:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Western Digital
[2010/02/03 02:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Zoner

========== Purity Check ==========



< End of report >
  • 0

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Please do the following:


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
    
    :Commands
    [EMPTYTEMP] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


  • 0

#5
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sempai,
I have completed your instructions. Below are 2 sections of log files (1=OTL / 2=ComboFix). Please advise on next steps...
Thanks


1.
HERE IS THE LOG FILE FROM "RUN-FIX" IN OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 274832 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DRUMZ
->Temp folder emptied: 11485053 bytes
->Temporary Internet Files folder emptied: 2041345 bytes
->Java cache emptied: 544868 bytes
->FireFox cache emptied: 209298509 bytes
->Flash cache emptied: 6450 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 293836 bytes
->Flash cache emptied: 1428 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 96732097 bytes
->Java cache emptied: 5518301 bytes
->Flash cache emptied: 72377 bytes

User: QBDataServiceUser20
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2311465 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 318.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 07122011_113419

Files\Folders moved on Reboot...
C:\Documents and Settings\DRUMZ\Local Settings\Temporary Internet Files\Content.IE5\WON6CAPW\background_button_green_full[2].png moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

_______________________________________________________________________________________________________________________________________________

2.

HERE IS THE COMBOFIX.TXT DATA:


ComboFix 11-07-12.07 - DRUMZ 07/12/2011 12:42:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1378 [GMT -7:00]
Running from: c:\documents and settings\DRUMZ\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\DRUMZ\GoToAssistDownloadHelper.exe
C:\Documents
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 18:34 . 2011-07-12 18:34 -------- d-----w- C:\_OTL
2011-07-06 00:19 . 2011-05-04 11:52 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-06 00:19 . 2011-05-04 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-05 22:39 . 2011-07-05 22:39 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-04 13:00 . 2011-07-04 13:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes
2011-07-04 02:54 . 2011-07-04 02:54 -------- d-----w- c:\documents and settings\DRUMZ\Application Data\MixMeister Technology
2011-07-04 02:52 . 2011-07-04 02:54 -------- d-----w- c:\program files\MixMeister Studio 7.2.2
2011-07-01 19:48 . 2010-12-13 21:37 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-07-01 19:48 . 2010-12-13 21:37 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-06-25 00:16 . 2011-06-25 00:56 -------- d-----w- c:\documents and settings\DRUMZ\Application Data\FrostWire
2011-06-25 00:14 . 2011-06-25 00:19 -------- d-----w- c:\program files\FrostWire
2011-06-24 03:10 . 2011-06-24 03:10 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-24 03:09 . 2011-06-24 03:10 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-16 03:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 11:43 . 2010-12-09 07:59 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-12-09 21:15 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-01 22:34 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-12-09 21:16 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-12-09 21:16 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-12-09 21:16 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-12-09 21:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-12-09 21:16 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-12-09 21:16 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2010-12-09 21:16 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-16 06:09 . 2011-05-24 03:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 16:11 . 2011-01-09 20:06 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2011-01-09 20:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 09:25 . 2010-02-03 10:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-02-03 06:17 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 10:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 10:00 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 10:00 105472 ------w- c:\windows\system32\drivers\mup.sys
2011-06-24 03:09 . 2011-05-05 21:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"IDTSysTrayApp"="sttray.exe" [2007-09-06 405504]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-23 08:17 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^SANYO Screen Capture 1.1.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\SANYO Screen Capture 1.1.lnk
backup=c:\windows\pss\SANYO Screen Capture 1.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^setup_9.0.0.722_14.06.2011_04-51.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\setup_9.0.0.722_14.06.2011_04-51.lnk
backup=c:\windows\pss\setup_9.0.0.722_14.06.2011_04-51.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^setup_9.0.0.722_27.01.2011_10-48.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\setup_9.0.0.722_27.01.2011_10-48.lnk
backup=c:\windows\pss\setup_9.0.0.722_27.01.2011_10-48.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^DRUMZ^Start Menu^Programs^Startup^V CAST Media Monitor.lnk]
path=c:\documents and settings\DRUMZ\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
backup=c:\windows\pss\V CAST Media Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-07 21:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-15 00:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 05:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52 104936 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-07-21 18:50 84464 ----a-w- c:\program files\Roxio 2010\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-12-01 23:00 1060864 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2009-06-23 08:18 494064 ----a-w- c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2009-08-31 06:33 996616 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2008-12-10 22:36 2667816 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-07-08 19:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 19:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-09 18:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15 218408 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2009-01-06 02:27 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"Stuffit Archive Name Service"=2 (0x2)
"DataSvr2"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R0 89215402;89215402 Boot Guard Driver;c:\windows\system32\drivers\89215402.sys [1/27/2011 3:33 AM 37392]
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [12/7/2010 2:37 AM 10368]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2/16/2010 4:12 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2/16/2010 4:12 PM 15856]
R1 89215401;89215401;c:\windows\system32\drivers\89215401.sys [1/27/2011 3:33 AM 128016]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/1/2011 3:34 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/9/2010 2:16 PM 309848]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [7/14/2010 11:36 AM 244608]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2/16/2010 4:12 PM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 setup_9.0.0.722_27.01.2011_10-48drv;setup_9.0.0.722_27.01.2011_10-48drv;c:\windows\system32\drivers\8921540.sys [1/27/2011 3:33 AM 315408]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/9/2010 2:16 PM 19544]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [12/7/2010 2:37 AM 154368]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/9/2011 1:06 PM 366640]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/9/2011 1:06 PM 22712]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/10/2010 5:44 PM 19056]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 12:57 PM 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/25/2010 12:57 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\224.tmp --> c:\windows\system32\224.tmp [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/9/2010 4:04 PM 27064]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/19/2010 2:26 AM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 19:57]
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Document Manager - c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 13:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\224.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\DRUMZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\DRUMZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(1076)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(2476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\sttray.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
.
**************************************************************************
.
Completion time: 2011-07-12 13:27:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-12 20:27
.
Pre-Run: 3,132,116,992 bytes free
Post-Run: 2,941,333,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 70F9F01BF6B8F271BDDD04CB7A4DBB4F
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
P2P Warning:

uTorrent

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes .

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


==================================


1. Click Start > Run > copy-paste the bolded text below > press Enter. A text file will pop up, please post the contents of that file.

"C:\Qoobox\Add-Remove Programs.txt" > uninstall.txt& start uninstall.txt




2. Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Sempai,
Here are the 2 log files requested.

Please Note: Malwarebytes was clean in the full scan, BUT the PUM.Bad.Proxy virus is still in Quarantine within the program.

Thanks,

µTorrent
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Reader 9.4.5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIO_Scan
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Free Antivirus
Avery Wizard 4.0
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
BlackBerry USB Drivers
BlackBerry® Media Sync
BlazeDVDCopy 4.0
Bonjour
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
BufferChm
C4200
C4200_doccd
c4200_Help
CASIO USB Driver V1.2.2474.0623
CCleaner
CinemaNow Media Manager
Conexant HDA D110 MDC V.92 Modem
Connect
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink Power2Go
CyberLink UDF Reader 5.0
Dell Driver Download Manager
Dell Embassy Trust Suite by Wave Systems
Dell Resource CD
Destination Component
DeviceDiscovery
DeviceFunctionQFolder
DirectX 9 Runtime
DocProc
DocProcQFolder
FrostWire 4.21.8
GEAR 32bit Driver Installer
GIMP 2.6.8
Google Gears
Google Update Helper
GoToAssist 8.0.0.480
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet 3900 series
HP Image Zone Express
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Software Update
HP Solution Center 9.0
HP Update
HPDeskjet3900Series
HPProductAssistant
HPSSupply
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 26
K-Lite Codec Pack 5.7.0 (Full)
kuler
LG Android Drivers
LG USB Modem driver
LimeWire 4.18.3
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Web Publishing Wizard 1.52
MixMeister Studio 7.2.2
MobileMe Control Panel
Motorola Driver Installation 3.9.0
Mozilla Firefox 5.0 (x86 en-US)
Mozilla Sunbird (0.5)
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
NVIDIA Drivers
OZ776 SCR CardBus V1.1.3.6
OZ776 SCR CardBus Windows Driver
Pantech Handset Driver
PCFriendly
PDF Settings CS4
PeerBlock 1.1 (r518)
Photoshop Camera Raw
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickBooks
QuickBooks Customer Manager Version 2.5
QuickBooks Premier: Accountant Edition 2010
QuickSet
QuickTime
RealPlayer
REAPER
Revo Uninstaller Pro 2.2.3
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio Media Manager
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
Safari
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
SANYO Screen Capture 1.1
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
SmartSound Quicktracks Plugin
SnagIt 9
SolutionCenter
Sophos Anti-Rootkit 1.5.4
Status
Suite Shared Configuration CS4
SUPERAntiSpyware
The Logo Creator v5
The Print Shop 22
Toolbox
TrayApp
Ulead DVD Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
upekmsi
VideoToolkit01
VLC media player 1.1.7
Wave Infrastructure Installer
WD Diagnostics
WD SmartWare
WebFldrs XP
WebReg
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

___________________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7116

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2011 4:10:54 PM
mbam-log-2011-07-13 (16-10-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 321875
Time elapsed: 2 hour(s), 28 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

I have the virus quarantined in Malwarebytes and things are running ok for now, BUT everytime I delete it from quarantine, it reappears and causes internet problems (loss of wifi, etc.)

Please delete all the MBAM quarantine files and then run another scan with MBAM and post the result please.
  • 0

#9
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Sempai,
Sorry for the delay in response. All was clean in MBAM full scan, even did a reboot and update to MBAM, however 1 thing I noticed is that my Avast! icon does NOT load in my system tray during reboots now??? I have to double click Avast! icon to get it in the systray....please advise of this. The virus has not reappeared as of yet in MBAM, nor has there been anything in Super Antispyware, or Avast! scans. Does this mean we are in the clear??? Please advise...

Here is the latest MBAM scan log:

Thanks,
______________________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7139

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/14/2011 7:34:56 PM
mbam-log-2011-07-14 (19-34-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 317743
Time elapsed: 2 hour(s), 19 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

You can simply uninstall and then reinstall Avast.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

Advertisements


#11
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
It won't allow download of database sigs or scan.
It says " Can not get update. Is proxy configured?"

it never asked for this step either: *When prompted allow the Add-On/Active X to install.

Edited by danimal2011, 15 July 2011 - 11:45 AM.

  • 0

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Please try this instead.


Please use Internet Explorer to perform a BitDefender Quickscan
  • Click on START SCANNER.
  • Click on FREE SCAN NOW. Please wait as it might take some time to load.
  • It will then ask you to install the add-on "qsax.cab" (Just above the page under the Internet Explorer toolbar). Please allow it to be installed.
  • Click the FREE SCAN NOW button once again to start the add-on installation.
  • Click "Install" and accept the "End User Software License Agreement" when prompted and then click OK.
  • it will now begin scanning, please let it run uninterrupted.
  • Click on View report once completed.
  • A notepad will pop-up containing the report.
  • Please post the entire contents of that report when you reply.
Note: For Windows Vista/7 users, you will need to to right-click on Internet Explorer icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • 0

#13
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No infections found. Plugin was installed.
All Avast! shields were disabled during scan.

Heres the report:

QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Fri Jul 15 13:11:12 2011
Machine ID: 5486A64A



No infection found.
-------------------



Processes
---------
SaibSVC Application 920 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C-Major Audio 2168 C:\WINDOWS\stsystra.exe
Intel® Common User Interface 2032 C:\WINDOWS\system32\igfxpers.exe
Microsoft® Windows® Operating System 3172 C:\WINDOWS\system32\wscntfy.exe
PeerBlock 2656 C:\Program Files\PeerBlock\peerblock.exe
(verified) avast! Antivirus 1904 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(verified) avast! Antivirus 3180 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(verified) Bonjour 980 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) CinemaNow Service Application 1128 C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(verified) IDT Audio 1756 C:\WINDOWS\sttray.exe
(verified) Intel® Common User Interface 1312 C:\WINDOWS\system32\hkcmd.exe
(verified) Intel® Common User Interface 2064 C:\WINDOWS\system32\igfxsrvc.exe
(verified) Intel® PROSet/Wireless 2528 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(verified) Intel® PROSet/Wireless 2252 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(verified) Intel® PROSet/Wireless 1480 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(verified) Intel® PROSet/Wireless 1484 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(verified) Intel® PROSet/Wireless 3152 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(verified) Intel® PROSet/Wireless 2520 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(verified) Java™ Platform SE 6 U26 1604 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Malwarebytes' Anti-Malware 2652 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Malwarebytes' Anti-Malware 364 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft® .NET Framework 2512 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(verified) Microsoft® Visual Studio .NET 1852 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(verified) Microsoft® Windows® Operating System 2984 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1072 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\scardsvr.exe
(verified) Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 664 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 904 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1648 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1704 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1412 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1976 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1288 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2152 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1240 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1196 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2968 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1352 C:\WINDOWS\system32\wbem\unsecapp.exe
(verified) Microsoft® Windows® Operating System 1984 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 3760 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 1016 C:\WINDOWS\system32\winlogon.exe
(verified) MobileDeviceService 956 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(verified) NicConfigSvc 2092 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(verified) QBDBMgrN.exe 4080 C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
(verified) QuickBooks for Windows 2172 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(verified) SUPERAntiSpyware 2676 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(verified) WD Drive Manager 3012 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(verified) WDSmartWareBackgroundService 3084 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(verified) Windows® Internet Explorer 1792 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3528 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3620 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (3528) connected on port 80 (HTTP) --> 66.235.142.24
Process iexplore.exe (3528) connected on port 80 (HTTP) --> 74.125.224.207

Process svchost.exe (1288) listens on ports: 135 (RPC)
Process QBCFMonitorService.exe (2172) listens on ports: 8019
Process QBDBMgrN.exe (4080) listens on ports: 55338


Autoruns and critical files
---------------------------
C-Major Audio C:\WINDOWS\stsystra.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
PeerBlock C:\Program Files\PeerBlock\peerblock.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoToAssist C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
(verified) IDT Audio C:\WINDOWS\sttray.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
(verified) Intel® PROSet/Wireless C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(verified) Intel® PROSet/Wireless C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(verified) Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
(verified) SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
SnagIt c:\program files\techsmith\snagit 9\snagitbho.dll
SnagIt c:\program files\techsmith\snagit 9\snagitieaddin.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(unsigned) Google Gears 0.5.36.0 c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
(unsigned) Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

(verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) avast! WebRep C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
(verified) BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U26 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U26 c:\program files\java\jre6\bin\ssv.dll
(verified) Java™ Platform SE 6 U26 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
(verified) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
(verified) RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
(verified) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
(verified) Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
(verified) Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll


Scan
----
MD5: db4b28b8f25b3a2548b947a42b2df3b3 C:\Documents and Settings\DRUMZ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MD5: bdeb167ca3610252e382f2fc3b8f2f28 C:\Program Files\Alwil Software\Avast5\defs\11071500\algo.dll
MD5: c1eb9968ec89fba5f3a264e2e57923ab C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
MD5: 87af77718e3bfb5a7766f575609c057a C:\Program Files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
MD5: 11add8816d61a6025844eb5123ec92d3 C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
MD5: 9de2570e932164f9b06e5bb8a791a21e c:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.dll
MD5: 1264f787e46dc572fa274ca09b446e01 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
MD5: 432226e3e9c09a73f389a65dec49bb2f c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
MD5: 9af5ea601c06e5c64f9f006e050b931e c:\program files\hp\digital imaging\bin\hpqddcmn.dll
MD5: 9b7896c4706d922781141f0f46bdad2c C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\SupplicantPlugin.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 31f12d3ecb83b25ccda18e943aa1ac57 c:\Program Files\Intuit\QuickBooks 2010\dblgen11.dll
MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
MD5: 96755f31ceb74885f69a2132fce91f99 C:\Program Files\PeerBlock\peerblock.exe
MD5: a15069eec83ebc54150564b2585cfdba C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
MD5: b48f3770bce0376dfa13503c0b634016 c:\program files\techsmith\snagit 9\snagitbho.dll
MD5: df6b3fa11a67af97339b41be6664fbf7 c:\program files\techsmith\snagit 9\snagitieaddin.dll
MD5: 617fb85504f7be3d0231b5c67724b1ba C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MD5: f798be75656b0ccbc9e642b103b03385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll
MD5: 9ffa9fb2b9470dbd346524cea1c06d61 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe
MD5: 60ef8f216e869239a3f1c60a82850145 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll
MD5: 3afe79c19fc66cc5505f8d452920c4a9 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bdaf7904d223589a0f464de58d27e691\System.Runtime.Remoting.ni.dll
MD5: 43fbf126d8efe9cb2bca5fb1e365d832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MD5: f32d44a584a0b78ef3c8c1bc156ff99a C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll
MD5: f4e1f9d3b2762bba015ba723792f51f4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MD5: 0f262aa8a99114fc33f0de8aa6fd95b4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll
MD5: d715a946e66028cdb04c9e9f8c7137f5 C:\WINDOWS\Downloaded Program Files\dwusplay.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 289bdc9e5681bd1be0fb871c460bd254 C:\WINDOWS\stsystra.exe
MD5: f49dabe4b824b9bf35e5f541a6caaf26 C:\WINDOWS\System32\BCMLogon.dll
MD5: ec94e05b76d033b74394e7b2175103cf C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
MD5: c0acd392ece55784884cc208aafa06ce C:\WINDOWS\system32\DRIVERS\b57xp32.sys
MD5: ba6b6fb242a6ba4068c8b763063beb63 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
MD5: e246a32c445056996074a397da56e815 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
MD5: 71371ed9086a3d65f43967c89634e9a9 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
MD5: 7dfd6b1077b3ff19877fd67a04fed2a2 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
MD5: ab6fd13d7efa2634fa6bdf84c7ef0696 C:\WINDOWS\system32\drivers\TosRfSnd.sys
MD5: efc3639ae8a452dc8dddf7d526092d3e C:\WINDOWS\system32\igfxdev.dll
MD5: 697963452107c59be69a67bee54e3eac C:\WINDOWS\system32\igfxpers.exe
MD5: 27ccea9ce41a726b13e45795ccc3b7ba C:\WINDOWS\system32\mdimon.dll
MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll
MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll
MD5: 544705bd006cfdadd49c942658602f4a C:\WINDOWS\system32\STLang.dll
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 686b224b4987c22b153fbb545fee9657 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.23 KB recvd
Scanned 742 files and modules - 9 seconds

==============================================================================
  • 0

#14
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
How's the computer running now?


1. Update Adobe Reader so you will not become vulnerable for infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Uncheck any optional download like Free Google Toolbar or Free McAfee® Security Scan Plus.
  • Click download to download the file and install it by following the prompts.
Adobe Download Manager FAQ | Flash Player and Reader: http://kb2.adobe.com...psid_52001.html


2. Please run OTL and click the "Quick Scan" button, post the new report for my review.
  • 0

#15
danimal2011

danimal2011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Running ok, I guess...So do you think the PUM.Bad.Proxy is gone?

I have added the log results from Super AntiSpyware showing the quarantined adware cookies from today that have been showing up in every days quick scans (different cookies every day). Not sure why these always show up? Only surf basic internet sites...

Also, updated to Adobe Reader X 10. Here's the latest OTL quick scan log results.

_____________________________________________________________________________________________________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2011 at 07:37 AM

Application Version : 4.55.1000

Core Rules Database Version : 7415
Trace Rules Database Version: 5227

Scan type : Quick Scan
Total Scan Time : 00:35:54

Memory items scanned : 634
Memory threats detected : 0
Registry items scanned : 2024
Registry threats detected : 0
File items scanned : 16083
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\DRUMZ\Cookies\[email protected][2].txt
C:\Documents and Settings\DRUMZ\Cookies\[email protected][1].txt
C:\Documents and Settings\DRUMZ\Cookies\[email protected][1].txt
C:\Documents and Settings\DRUMZ\Cookies\[email protected][2].txt

_____________________________________________________________________________________________________________________________________________
OTL logfile created on: 7/16/2011 5:34:15 PM - Run 3
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\DRUMZ\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.50% Memory free
3.84 Gb Paging File | 2.80 Gb Available in Paging File | 72.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 19.23 Gb Free Space | 20.64% Space Free | Partition Type: NTFS

Computer Name: DANIMAL | User Name: DRUMZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/30 20:21:49 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/23 20:09:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/06 22:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe
PRC - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
PRC - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/08/20 16:27:36 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:09:12 | 001,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/05 21:24:20 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/07/27 14:19:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (DataSvr2)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/23 01:18:02 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/14 04:22:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/13 21:39:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- c:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/24 08:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 08:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/23 17:40:12 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2008/08/20 16:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 16:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006/12/01 15:59:08 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/06 22:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\89215402.sys -- (89215402)
DRV - [2009/10/09 22:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\8921540.sys -- (setup_9.0.0.722_27.01.2011_10-48drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\89215401.sys -- (89215401)
DRV - [2009/06/02 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 01:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/20 18:23:22 | 000,154,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDFR.sys -- (CLBUDFR)
DRV - [2008/10/20 18:23:22 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/30 05:00:00 | 000,244,608 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2006/11/21 23:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/07/27 14:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/03 12:57:00 | 000,086,867 | ---- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/28 20:57:18 | 000,113,847 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 3C 73 33 3F 2A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\DRUMZ\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 14:16:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKCU\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/06/25 12:58:10 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/05 14:31:31 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:10:02 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/16 14:16:14 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/04/19 07:02:01 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Sunbird 0.5\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2010/02/08 00:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Extensions
[2011/06/28 19:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions
[2010/05/03 13:11:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DRUMZ\Application Data\Mozilla\Firefox\Profiles\6kl4ylu1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/05 17:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/05 17:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/05 14:31:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/02/14 12:31:14 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/23 20:09:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/05/05 14:24:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/12 13:17:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: qflix.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sonic.com ([redirect2] http in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DRUMZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/02 23:23:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 17:09:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DRUMZ\Recent
[2011/07/12 13:36:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/12 12:37:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/12 12:31:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/12 12:31:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/12 12:31:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/12 12:31:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/12 12:31:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/12 12:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/12 12:04:34 | 004,149,129 | R--- | C] (Swearware) -- C:\Documents and Settings\DRUMZ\Desktop\ComboFix.exe
[2011/07/12 11:34:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/05 15:46:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 15:39:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/04 06:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Malwarebytes
[2011/07/03 19:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\MixMeister Technology
[2011/07/03 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MixMeister Studio 7.2.2
[2011/07/03 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\MixMeister Studio 7.2.2
[2011/07/01 12:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\AVS4YOU
[2011/06/26 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\Roxio
[2011/06/24 17:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\My Documents\FrostWire
[2011/06/24 17:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/24 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DRUMZ\Start Menu\Programs\FrostWire
[2011/06/24 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire

========== Files - Modified Within 30 Days ==========

[2011/07/16 17:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/16 17:18:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/16 17:16:36 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/16 17:16:11 | 004,909,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/16 17:13:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/16 17:13:50 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/16 17:00:30 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro v2.5.3.lnk
[2011/07/16 14:34:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/16 14:16:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X (10.1.0).lnk
[2011/07/16 02:34:43 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 09:48:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware V 1.51.1.1800.lnk
[2011/07/12 13:17:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/12 12:05:07 | 004,149,129 | R--- | M] (Swearware) -- C:\Documents and Settings\DRUMZ\Desktop\ComboFix.exe
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/05 15:46:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DRUMZ\Desktop\OTL.exe
[2011/07/05 14:31:37 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 04:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/03 19:53:15 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/02 19:22:43 | 000,340,268 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2011/07/02 19:22:42 | 000,415,276 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2011/07/01 12:51:25 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/27 21:56:46 | 000,468,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 21:56:46 | 000,079,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 17:16:29 | 000,000,856 | ---- | M] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk

========== Files Created - No Company Name ==========

[2011/07/16 17:00:30 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro v2.5.3.lnk
[2011/07/16 14:16:14 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/16 14:16:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X (10.1.0).lnk
[2011/07/15 09:48:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware V 1.51.1.1800.lnk
[2011/07/12 12:37:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/12 12:37:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/12 12:31:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/12 12:31:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/12 12:31:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/12 12:31:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/12 12:31:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 19:53:15 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\MixMeister Studio.lnk
[2011/07/01 12:51:25 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS4YOU Software Navigator.lnk
[2011/07/01 12:48:52 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\AVS Video Converter.lnk
[2011/06/24 17:16:29 | 000,000,856 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Desktop\FrostWire 4.21.8.lnk
[2011/01/21 16:23:30 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\housecall.guid.cache
[2010/12/09 04:58:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/12/07 17:41:02 | 000,139,801 | ---- | C] () -- C:\WINDOWS\hpoins15.dat
[2010/12/07 17:41:01 | 000,001,039 | ---- | C] () -- C:\WINDOWS\hpomdl15.dat
[2010/10/04 12:57:57 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2010/10/04 12:57:57 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2010/09/14 13:59:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 10:49:15 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/07/11 00:49:22 | 012,063,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/06 04:14:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2010/03/06 04:07:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/02/24 01:41:46 | 000,340,268 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_image32.Cache
[2010/02/24 01:41:39 | 000,415,276 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\rx_audio.Cache
[2010/02/19 14:39:00 | 000,078,998 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2010/02/19 14:39:00 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2010/02/11 10:45:36 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 00:55:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/02/08 00:55:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/08 00:54:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/08 00:54:54 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/08 00:54:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/08 00:31:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/06 12:27:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2010/02/06 12:27:47 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2010/02/03 03:22:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010/02/03 01:14:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010/02/03 01:09:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\DRUMZ\Local Settings\Application Data\fusioncache.dat
[2010/02/03 00:42:36 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2010/02/02 23:29:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/02 23:16:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/02 16:02:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/02 16:01:24 | 004,909,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/09/12 12:07:36 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/09/12 12:01:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/09/12 12:01:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/09/12 12:01:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/09/12 12:01:28 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/09/12 12:01:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/09/12 12:01:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/09/12 12:01:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/09/12 12:00:58 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/09/12 12:00:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/09/12 12:00:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/09/08 08:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/05 10:05:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/09/05 09:26:06 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2006/09/05 09:25:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2006/09/05 09:25:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2006/09/05 09:25:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2006/09/05 09:25:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2006/09/05 09:25:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2006/09/05 09:24:58 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2006/09/05 09:24:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2006/09/05 09:24:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2006/09/05 09:24:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2005/09/20 13:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/03/21 16:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 16:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/21 12:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,468,904 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,079,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/21 15:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 14:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/30 15:07:46 | 000,245,408 | ---- | C] () -- C:\WINDOWS\System32\unicows.dll
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/02/04 23:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/03 13:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2010/03/03 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/02/16 16:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CinemaNow
[2010/07/23 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/09 04:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/12/13 18:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/12/09 04:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/02/16 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
[2010/09/14 11:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/04/04 00:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/03 03:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2010/12/09 05:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/22 13:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRI
[2010/12/13 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/02/12 03:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/12/07 02:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/16 16:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/02/03 01:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/07/19 02:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/08/02 08:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/09 11:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/12/18 20:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Avery
[2010/02/03 03:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\BlazeVideo
[2011/06/24 17:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\FrostWire
[2011/06/13 04:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\LimeWire
[2010/08/24 21:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Opera
[2011/07/15 13:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\QuickScan
[2010/07/14 01:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\REAPER
[2010/09/14 10:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Research In Motion
[2010/02/16 16:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Simple Star
[2010/05/08 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Smith Micro
[2011/07/03 19:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\uTorrent
[2010/07/19 02:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Western Digital
[2010/02/03 02:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DRUMZ\Application Data\Zoner

========== Purity Check ==========



< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP