Vv1.exe, corrupt MBR and other problems



#1
George_in_GA

Member, 14 posts

Hello,

I'm not exactly sure what infections I have, but they have been causing a number of problems for the last several days (restarts, redirects, etc.). I have used MBAM and SUPERAntiSpyware. They find infected files, they attempt to remove all items and then instruct me to restart. However, following the restart, I get locked in a boot cycle. This requires entering the Recovery Console and running FixMBR. Once I'm back in Windows XP, MBAM finds the same files, etc.

Please help! Thanks in advance.

OTL Log:

OTL logfile created on: 7/14/2011 1:13:48 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\G2G Virus Removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 60.46% Memory free
8.71 Gb Paging File | 7.79 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 6.30 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 0.86 Gb Free Space | 0.12% Space Free | Partition Type: NTFS
Drive G: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 698.64 Gb Total Space | 2.15 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
Drive I: | 930.86 Gb Total Space | 404.41 Gb Free Space | 43.45% Space Free | Partition Type: NTFS
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 7.47 Gb Total Space | 3.71 Gb Free Space | 49.67% Space Free | Partition Type: FAT32

Computer Name: G3 | User Name: George Nicholson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 13:13:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\G2G Virus Removal\OTL.exe
PRC - [2011/07/13 10:07:38 | 000,239,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\George Nicholson\Local Settings\temp\Vv1.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/03 11:00:42 | 002,113,024 | ---- | M] (Megaupload Limited) -- C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
PRC - [2010/03/31 22:43:47 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/11 13:50:59 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/02/24 16:42:37 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/30 15:45:02 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2006/09/07 16:21:38 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2006/08/16 23:32:09 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/08/16 23:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/08/16 23:28:13 | 000,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2006/07/21 16:17:00 | 000,073,728 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/21 19:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PRC - [2004/10/22 20:26:16 | 000,540,734 | ---- | M] (ReadNotify.com Limited) -- C:\Program Files\RNmail\rn.exe
PRC - [2004/06/09 15:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 13:13:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\G2G Virus Removal\OTL.exe
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/08/16 23:32:03 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/05/24 14:02:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/21 07:33:30 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/01/30 15:45:02 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/11 13:31:16 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/06/21 17:47:49 | 000,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/06/21 17:47:49 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/30 17:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/03/13 18:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/04 12:26:46 | 000,029,824 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/30 15:41:58 | 000,036,512 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
DRV - [2007/10/12 17:15:00 | 000,054,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/12 17:15:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/08/16 23:23:00 | 000,340,176 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/08/16 23:17:11 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/16 23:17:09 | 000,500,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/16 23:16:32 | 001,110,528 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/08/16 23:15:00 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/16 23:14:42 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/16 23:14:37 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/16 23:14:24 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/12/18 18:47:00 | 000,058,852 | R--- | M] (Dallas Semiconductor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DS2490.sys -- (DS2490) DS2490 (USB Host for 1-Wire Network)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inthesetimes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/07/12 19:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/07/12 19:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/27 09:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F5A12A7-A804-4D20-8E28-EA180D220D23}: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\{4F5A12A7-A804-4D20-8E28-EA180D220D23}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 12:34:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 10:41:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/06/21 17:30:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/27 09:56:04 | 000,000,000 | ---D | M]

[2008/10/06 18:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Extensions
[2010/07/22 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions
[2010/07/11 14:47:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/11 13:12:00 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/07/22 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/31 22:43:37 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (&RN_Object) - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RNmail] C:\Program Files\RNmail\rn.exe (ReadNotify.com Limited)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Documents and Settings\George Nicholson\Local Settings\temp\Vv1.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O9 - Extra 'Tools' menuitem : Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} http://riffinteracti...up/RiffLick.cab (WaveTab Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245708696859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1245708668906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 00:04:38 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 13:13:05 | 000,000,000 | ---D | C] -- C:\G2G Virus Removal
[2011/07/14 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\SUPERAntiSpyware.com
[2011/07/14 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/14 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/14 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/14 08:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\PMB Files
[2011/07/13 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Rayza
[2011/07/13 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Awonux
[2011/07/04 19:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\DjVuZone
[2011/07/04 19:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Start Menu\Programs\DjVuLibre
[2011/06/30 19:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free MKV Video2Dvd
[2011/06/30 19:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Free MKV Video2Dvd
[2011/06/27 14:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Search
[2011/06/27 14:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Desktop Search
[2011/06/27 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/06/27 14:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/27 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/06/27 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/27 09:37:45 | 000,000,000 | ---D | C] -- C:\Outlook 2007
[2011/06/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\My Documents\New Folder (2)
[2010/04/21 10:35:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.sys
[2006/08/16 23:32:45 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 23:11:02 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[1 C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 12:59:23 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\TLCC.job
[2011/07/14 12:59:18 | 000,000,348 | -HS- | M] () -- C:\WINDOWS\tasks\zeairchekc.job
[2011/07/14 12:59:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 12:46:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 12:45:41 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7349EB45-EEBB-4E3D-A279-CEE7E24113F6}.job
[2011/07/14 12:31:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2011/07/14 11:45:37 | 001,515,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/07/14 11:45:37 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 11:45:37 | 000,054,184 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 11:45:37 | 000,054,184 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 11:45:37 | 000,010,452 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/07/14 11:45:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/07/14 11:45:37 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/07/14 11:45:36 | 025,801,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/07/14 11:45:36 | 000,209,988 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/07/14 11:45:20 | 000,190,464 | ---- | M] () -- C:\WINDOWS\System32\0.41598310414451667.exe
[2011/07/14 11:25:18 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 01:37:08 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/07/13 20:06:10 | 000,335,872 | ---- | M] () -- C:\WINDOWS\System32\0.0012909587635541175.exe
[2011/07/13 19:42:18 | 000,335,872 | ---- | M] () -- C:\Documents and Settings\George Nicholson\0.8058625430720804.exe
[2011/07/13 19:30:59 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 19:20:00 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 18:54:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jhobeyabeguy.dat
[2011/07/13 10:56:34 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 10:10:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xzupohiy.bin
[2011/07/13 10:08:08 | 000,115,712 | RHS- | M] () -- C:\WINDOWS\System32\asycfilt4.dll
[2011/07/12 14:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/08 10:12:32 | 000,039,884 | ---- | M] () -- C:\Documents and Settings\George Nicholson\My Documents\Alcovy Proposal.pdf
[2011/07/04 19:17:58 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Desktop\DjView.lnk
[2011/07/01 00:07:53 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2011/06/28 12:06:50 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 14:33:24 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/06/27 14:33:22 | 000,456,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 14:33:22 | 000,075,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 14:33:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 12:04:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/19 14:08:45 | 000,052,358 | ---- | M] () -- C:\36867634.pdf
[1 C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 11:45:18 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\0.41598310414451667.exe
[2011/07/14 11:25:18 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/14 01:37:07 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/07/13 20:06:03 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\0.0012909587635541175.exe
[2011/07/13 19:42:09 | 000,335,872 | ---- | C] () -- C:\Documents and Settings\George Nicholson\0.8058625430720804.exe
[2011/07/13 18:42:58 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 10:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xzupohiy.bin
[2011/07/13 10:10:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jhobeyabeguy.dat
[2011/07/13 10:08:18 | 000,000,348 | -HS- | C] () -- C:\WINDOWS\tasks\zeairchekc.job
[2011/07/13 10:08:18 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\TLCC.job
[2011/07/13 10:08:08 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\asycfilt4.dll
[2011/07/08 10:18:16 | 000,039,884 | ---- | C] () -- C:\Documents and Settings\George Nicholson\My Documents\Alcovy Proposal.pdf
[2011/07/04 19:17:58 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Desktop\DjView.lnk
[2011/06/30 20:35:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2011/06/27 14:33:24 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/06/27 14:33:24 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/06/27 11:20:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/19 14:08:45 | 000,052,358 | ---- | C] () -- C:\36867634.pdf
[2011/06/09 20:09:53 | 000,090,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/18 20:01:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/07/11 18:48:11 | 000,000,178 | ---- | C] () -- C:\Program Files\apiamddebug.exe
[2010/07/11 18:44:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/11 18:44:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 18:44:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 18:44:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 18:44:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/11 14:22:33 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\authpropproxy.exe
[2010/07/09 23:42:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/09 23:42:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/21 14:25:59 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/21 10:35:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.cat
[2010/04/21 10:35:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.inf
[2010/01/27 10:51:55 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/01/27 09:47:10 | 000,188,903 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/01/27 09:47:10 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2009/07/05 21:30:18 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\setup_ldm.iss
[2009/06/22 09:46:13 | 025,801,248 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/22 09:46:13 | 001,515,552 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/21 17:31:19 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/06/21 17:31:19 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/11/11 19:58:54 | 000,025,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/10/06 18:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/01 13:55:33 | 000,000,202 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/13 09:39:53 | 000,001,955 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/02/22 11:01:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/22 01:51:26 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 13:49:19 | 000,087,403 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/02/20 13:49:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/02/20 13:49:19 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/20 07:59:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/20 07:58:24 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/20 01:06:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/02/20 00:10:46 | 000,003,276 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/02/20 00:05:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/20 00:03:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 21:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 21:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/06 21:30:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 21:30:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/06 21:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 21:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 21:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/06 21:30:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/06 21:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 23:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 23:32:07 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 23:22:58 | 000,323,640 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/16 23:22:58 | 000,044,567 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/16 23:14:32 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/16 23:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 23:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 23:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 23:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 23:11:09 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/16 23:11:09 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/16 23:11:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2005/07/26 17:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,456,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,075,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/02/23 00:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/12/17 13:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/01 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/07/07 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/22 20:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/11/09 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/06/13 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/01/31 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/02/12 09:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/03/31 22:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/06/11 07:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/02/24 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/21 11:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/26 12:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/21 14:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/27 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/18 19:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Amazon
[2008/11/30 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Ashampoo
[2011/07/13 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Awonux
[2008/12/17 13:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Azureus
[2010/10/01 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Broderbund
[2011/06/12 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\calibre
[2009/05/13 13:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/07/13 21:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Egqow
[2010/07/12 19:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\eMusic
[2010/04/08 10:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\FileZilla
[2008/07/07 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\GlobalSCAPE
[2009/11/09 11:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\HotSync
[2008/06/01 13:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Leadertech
[2011/04/18 20:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Megaupload
[2011/03/09 18:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Mimo
[2008/06/10 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Mp3tag
[2009/07/26 08:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Newsleecher
[2009/02/12 09:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Nitro PDF
[2011/07/13 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Rayza
[2008/07/05 15:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Red Chair Software
[2011/03/11 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\uTorrent
[2010/04/21 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Vso
[2011/06/27 14:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Desktop Search
[2011/06/27 14:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Search
[2011/07/13 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Yvfow
[2011/03/22 17:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/07/14 12:59:23 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\Tasks\TLCC.job
[2011/07/14 12:45:41 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7349EB45-EEBB-4E3D-A279-CEE7E24113F6}.job
[2011/07/14 12:59:18 | 000,000,348 | -HS- | M] () -- C:\WINDOWS\Tasks\zeairchekc.job

========== Purity Check ==========



< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - I see you have readnotify on your system - can you confirm that you put it there?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [8DDYX0ZBPZ] C:\Documents and Settings\George Nicholson\Local Settings\temp\Vv1.exe (Sun Microsystems, Inc.)
    [2011/07/13 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Rayza
    [2011/07/13 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Awonux
    [2011/06/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\My Documents\New Folder (2)
    [2011/07/14 12:59:23 | 000,000,330 | -HS- | M] () -- C:\WINDOWS\tasks\TLCC.job
    [2011/07/14 12:59:18 | 000,000,348 | -HS- | M] () -- C:\WINDOWS\tasks\zeairchekc.job
    [2011/07/14 11:45:20 | 000,190,464 | ---- | M] () -- C:\WINDOWS\System32\0.41598310414451667.exe
    [2011/07/13 20:06:10 | 000,335,872 | ---- | M] () -- C:\WINDOWS\System32\0.0012909587635541175.exe
    [2011/07/13 19:42:18 | 000,335,872 | ---- | M] () -- C:\Documents and Settings\George Nicholson\0.8058625430720804.exe
    [2011/07/13 18:54:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jhobeyabeguy.dat
    [2011/07/13 10:10:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xzupohiy.bin
    [2011/07/14 11:45:18 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\0.41598310414451667.exe
    [2011/07/14 01:37:07 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
    [2011/07/13 20:06:03 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\0.0012909587635541175.exe
    [2011/07/13 19:42:09 | 000,335,872 | ---- | C] () -- C:\Documents and Settings\George Nicholson\0.8058625430720804.exe
    [2011/07/13 10:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xzupohiy.bin
    [2011/07/13 10:10:42 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jhobeyabeguy.dat
    [2011/07/13 10:08:18 | 000,000,348 | -HS- | C] () -- C:\WINDOWS\tasks\zeairchekc.job
    [2011/07/13 10:08:18 | 000,000,330 | -HS- | C] () -- C:\WINDOWS\tasks\TLCC.job
    [2011/07/13 10:08:08 | 000,115,712 | RHS- | C] () -- C:\WINDOWS\System32\asycfilt4.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
George_in_GA

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Essexboy,

I am very grateful for the quick response. Yes, I put readnotify on the system.

OTL Log:

OTL logfile created on: 7/14/2011 5:25:02 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\G2G Virus Removal
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 76.29% Memory free
8.71 Gb Paging File | 8.21 Gb Available in Paging File | 94.24% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 14.68 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 0.86 Gb Free Space | 0.12% Space Free | Partition Type: NTFS
Drive G: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 698.64 Gb Total Space | 2.57 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
Drive I: | 930.86 Gb Total Space | 405.78 Gb Free Space | 43.59% Space Free | Partition Type: NTFS
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 7.47 Gb Total Space | 3.71 Gb Free Space | 49.67% Space Free | Partition Type: FAT32

Computer Name: G3 | User Name: George Nicholson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 13:13:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\G2G Virus Removal\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/31 22:43:47 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/11 13:50:59 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/02/24 16:42:37 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/01/30 15:45:02 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2006/09/07 16:21:38 | 000,098,304 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\My Book\WD Backup\uBBMonitor.exe
PRC - [2006/08/16 23:32:09 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/08/16 23:32:04 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/08/16 23:28:13 | 000,729,600 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/07/21 16:17:00 | 000,073,728 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/21 19:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
PRC - [2004/10/22 20:26:16 | 000,540,734 | ---- | M] (ReadNotify.com Limited) -- C:\Program Files\RNmail\rn.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2011/07/14 13:13:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\G2G Virus Removal\OTL.exe
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2006/08/16 23:32:03 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/05/24 14:02:21 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/21 07:33:30 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/04 12:23:48 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/01/30 15:45:02 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2007/11/14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/11 13:31:16 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/06/21 17:47:49 | 000,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/06/21 17:47:49 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/06/17 12:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 12:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/07/21 17:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/30 17:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008/03/13 18:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2008/02/04 12:26:46 | 000,029,824 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2008/01/30 15:41:58 | 000,036,512 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\WINDOWS\nvflash.sys -- (NVR0FLASHDev)
DRV - [2007/10/12 17:15:00 | 000,054,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/12 17:15:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/01/03 17:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/08/16 23:23:00 | 000,340,176 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/08/16 23:17:11 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/16 23:17:09 | 000,500,480 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/16 23:16:32 | 001,110,528 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/08/16 23:15:00 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/16 23:14:42 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/16 23:14:37 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/16 23:14:24 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/12/18 18:47:00 | 000,058,852 | R--- | M] (Dallas Semiconductor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DS2490.sys -- (DS2490) DS2490 (USB Host for 1-Wire Network)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inthesetimes.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/07/12 19:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/07/12 19:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/27 09:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F5A12A7-A804-4D20-8E28-EA180D220D23}: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\{4F5A12A7-A804-4D20-8E28-EA180D220D23}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/26 12:34:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 10:41:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009/06/21 17:30:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/01/27 09:56:04 | 000,000,000 | ---D | M]

[2008/10/06 18:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Extensions
[2010/07/22 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions
[2010/07/11 14:47:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/11 13:12:00 | 000,000,000 | ---D | M] (jDownFF) -- C:\Documents and Settings\George Nicholson\Application Data\Mozilla\Firefox\Profiles\xas8lnth.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/07/22 21:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/07/12 19:49:14 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2010/03/31 22:43:37 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/07/14 16:32:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (&RN_Object) - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RNmail] C:\Program Files\RNmail\rn.exe (ReadNotify.com Limited)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Mega Manager] C:\Program Files\Megaupload\Mega Manager\MegaManager.exe (Megaupload Limited)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Active Tracker - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O9 - Extra 'Tools' menuitem : Active Tracker... - {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - C:\Program Files\RNmail\RN_IE_Add_On.dll ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} http://riffinteracti...up/RiffLick.cab (WaveTab Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1245708696859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1245708668906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.44 213.109.75.130 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George Nicholson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/20 00:04:38 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 13:13:05 | 000,000,000 | ---D | C] -- C:\G2G Virus Removal
[2011/07/14 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\SUPERAntiSpyware.com
[2011/07/14 11:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/14 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/14 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/14 08:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\PMB Files
[2011/07/04 19:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\DjVuZone
[2011/07/04 19:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Start Menu\Programs\DjVuLibre
[2011/06/30 19:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free MKV Video2Dvd
[2011/06/30 19:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\Free MKV Video2Dvd
[2011/06/27 14:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Search
[2011/06/27 14:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Desktop Search
[2011/06/27 14:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/06/27 14:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/06/27 10:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/06/27 10:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/06/27 09:37:45 | 000,000,000 | ---D | C] -- C:\Outlook 2007
[2010/04/21 10:35:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.sys
[2006/08/16 23:32:45 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 23:11:02 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[1 C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/14 17:04:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/14 17:02:50 | 025,801,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/07/14 17:02:50 | 001,515,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2011/07/14 17:02:50 | 000,209,988 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/07/14 17:02:50 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 17:02:50 | 000,054,184 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 17:02:50 | 000,054,184 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-0000000A-00001102-00000005-002F1102}.rfx
[2011/07/14 17:02:50 | 000,010,452 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2011/07/14 17:02:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/07/14 17:02:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/07/14 16:32:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/14 16:32:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/14 12:45:41 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7349EB45-EEBB-4E3D-A279-CEE7E24113F6}.job
[2011/07/14 12:31:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Officejet Pro 8500 A909g Series.job
[2011/07/14 11:25:18 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/13 19:30:59 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 19:20:00 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 10:56:34 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 14:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/08 10:12:32 | 000,039,884 | ---- | M] () -- C:\Documents and Settings\George Nicholson\My Documents\Alcovy Proposal.pdf
[2011/07/04 19:17:58 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Desktop\DjView.lnk
[2011/07/01 00:07:53 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2011/06/28 12:06:50 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 14:33:24 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/06/27 14:33:22 | 000,456,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/27 14:33:22 | 000,075,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/27 14:33:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/27 12:04:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\George Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/19 14:08:45 | 000,052,358 | ---- | M] () -- C:\36867634.pdf
[1 C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\George Nicholson\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/14 11:25:18 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/13 18:42:58 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/08 10:18:16 | 000,039,884 | ---- | C] () -- C:\Documents and Settings\George Nicholson\My Documents\Alcovy Proposal.pdf
[2011/07/04 19:17:58 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Desktop\DjView.lnk
[2011/06/30 20:35:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2011/06/27 14:33:24 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011/06/27 14:33:24 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011/06/27 11:20:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/19 14:08:45 | 000,052,358 | ---- | C] () -- C:\36867634.pdf
[2011/06/09 20:09:53 | 000,090,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/18 20:01:25 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/07/11 18:48:11 | 000,000,178 | ---- | C] () -- C:\Program Files\apiamddebug.exe
[2010/07/11 18:44:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/11 18:44:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/11 18:44:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/11 18:44:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/11 18:44:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/11 14:22:33 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\authpropproxy.exe
[2010/07/09 23:42:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/09 23:42:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/21 14:25:59 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/21 10:35:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.cat
[2010/04/21 10:35:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\pcouffin.inf
[2010/01/27 10:51:55 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat.temp
[2010/01/27 09:47:10 | 000,188,903 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/01/27 09:47:10 | 000,002,979 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2009/07/05 21:30:18 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Application Data\setup_ldm.iss
[2009/06/22 09:46:13 | 025,801,248 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/06/22 09:46:13 | 001,515,552 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/06/21 17:31:19 | 000,113,933 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/06/21 17:31:19 | 000,097,549 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/11/11 19:58:54 | 000,025,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/10/06 18:06:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/01 13:55:33 | 000,000,202 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/03/13 09:39:53 | 000,001,955 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/02/22 11:01:34 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/22 01:51:26 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\George Nicholson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 13:49:19 | 000,087,403 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/02/20 13:49:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/02/20 13:49:19 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/20 07:59:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/02/20 07:58:24 | 000,149,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/20 01:06:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/02/20 00:10:46 | 000,003,276 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/02/20 00:05:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/02/20 00:03:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/06 21:30:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/06 21:30:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/11/06 21:30:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/06 21:30:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/11/06 21:30:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/06 21:30:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/06 21:30:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/11/06 21:30:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/11/06 21:30:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 23:33:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 23:32:07 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 23:22:58 | 000,323,640 | R--- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/08/16 23:22:58 | 000,044,567 | R--- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/08/16 23:14:32 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/16 23:14:06 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 23:11:52 | 000,264,526 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 23:11:38 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 23:11:38 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 23:11:09 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/08/16 23:11:09 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/08/16 23:11:07 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2005/07/26 17:13:12 | 000,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 09:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,456,634 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,075,414 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/02/23 00:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2008/12/17 13:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/01 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/07/07 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/06/22 20:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/11/09 11:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/06/13 21:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/01/31 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/02/12 09:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/03/31 22:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008/06/11 07:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/02/24 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/04/21 11:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/12/26 12:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/21 14:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/27 13:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/08/18 19:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Amazon
[2008/11/30 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Ashampoo
[2008/12/17 13:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Azureus
[2010/10/01 11:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Broderbund
[2011/06/12 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\calibre
[2009/05/13 13:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/07/13 21:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Egqow
[2010/07/12 19:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\eMusic
[2010/04/08 10:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\FileZilla
[2008/07/07 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\GlobalSCAPE
[2009/11/09 11:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\HotSync
[2008/06/01 13:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Leadertech
[2011/04/18 20:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Megaupload
[2011/03/09 18:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Mimo
[2008/06/10 21:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Mp3tag
[2009/07/26 08:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Newsleecher
[2009/02/12 09:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Nitro PDF
[2008/07/05 15:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Red Chair Software
[2011/03/11 21:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\uTorrent
[2010/04/21 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Vso
[2011/06/27 14:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Desktop Search
[2011/06/27 14:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Windows Search
[2011/07/13 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\Yvfow
[2011/03/22 17:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Nicholson\Application Data\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
[2011/07/14 12:45:41 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7349EB45-EEBB-4E3D-A279-CEE7E24113F6}.job

========== Purity Check ==========



< End of report >


______________________________



aswMBR Log:

aswMBR version 0.9.7.747 Copyright© 2011 AVAST Software
Run date: 2011-07-14 17:33:33
-----------------------------
17:33:33.546 OS Version: Windows 5.1.2600 Service Pack 3
17:33:33.546 Number of processors: 2 586 0x1706
17:33:33.546 ComputerName: G3 UserName:
17:33:34.062 Initialize success
17:34:23.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
17:34:23.265 Disk 0 Vendor: WDC_WD1500AHFD-00RAR5 21.07QR5 Size: 143089MB BusType: 3
17:34:23.281 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-10
17:34:23.281 Disk 1 Vendor: WDC_WD7500AAKS-00RBA0 30.04G30 Size: 715404MB BusType: 3
17:34:23.281 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-1d
17:34:23.281 Disk 2 Vendor: WDC_WD7500AAKS-22RBA0 30.04G30 Size: 715404MB BusType: 3
17:34:25.296 Disk 0 MBR read successfully
17:34:25.296 Disk 0 MBR scan
17:34:25.296 Disk 0 Windows XP default MBR code
17:34:27.312 Disk 0 scanning sectors +268414020
17:34:27.343 Disk 0 scanning C:\WINDOWS\system32\drivers
17:34:28.250 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
17:34:29.687 File: C:\WINDOWS\system32\drivers\mouclass.sys **SUSPICIOUS**
17:34:31.671 Service scanning
17:34:32.890 Disk 0 trace - called modules:
17:34:32.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:34:32.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae27ab8]
17:34:32.906 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8aea7f18]
17:34:32.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8aefbd98]
17:34:32.906 Scan finished successfully
17:35:33.156 Disk 0 MBR has been saved successfully to "C:\G2G Virus Removal\MBR.dat"
17:35:33.171 The log file has been saved successfully to "C:\G2G Virus Removal\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will need to check out the two suspicious files next. On completion of this run, can you let me know what problems remain?

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.