[momoegy6x]

Hey guys, looking for some help here. Recently, after booting up the computer I can't run programs or open folders or change webpages. Automatic updates won't run, and I have to manually turn off the computer using the power button. Computer is just generally slow. I was having troubles with DLLs earlier..so I'm hoping it is actually a virus and not DLL problems. I've done many scans with SaS, MBAM, and AVG..everytime they say they have removed it.. It doesn't seem like it. Many thanks guys.

OTL logfile created on: 7/31/2011 2:40:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 38.93% Memory free
3.60 Gb Paging File | 2.74 Gb Available in Paging File | 75.98% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.53 Gb Free Space | 46.65% Space Free | Partition Type: NTFS
Drive E: | 237.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOMEPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/31 14:40:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/06/29 08:01:12 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/06/29 08:01:10 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/06/29 08:01:08 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2011/06/21 21:06:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/24 13:46:52 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/11/24 13:46:48 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2010/09/20 16:03:24 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/30 16:59:45 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/30 16:59:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/30 16:59:17 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/07/30 16:59:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/30 16:59:02 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\WINDOWS\UnsignedThemesSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/05/24 14:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2003/12/18 10:50:00 | 000,038,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/31 14:40:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2003/12/18 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/12/18 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/29 08:01:12 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/06/29 08:01:10 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/06/29 08:01:08 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/11/24 13:46:52 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/07/30 16:59:27 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/30 16:59:17 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/07/30 16:59:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/27 19:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\WINDOWS\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2006/05/24 14:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/05/05 15:46:10 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/01/09 13:56:48 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2010/07/30 16:59:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/30 16:59:20 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/07/30 16:59:20 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/07/30 16:59:19 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/07/30 16:59:19 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/07/30 16:59:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/30 12:11:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/30 12:11:08 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/07/27 19:12:04 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/07/27 19:09:40 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/26 16:04:44 | 000,040,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/12 17:50:44 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2009/07/22 18:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/13 01:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2008/02/26 14:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/06/08 13:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/12/28 11:57:00 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/02 04:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/10/31 17:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/05/06 22:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 22:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 22:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/12/11 10:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 10:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/12/11 10:50:00 | 000,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 10:50:00 | 000,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/12/11 10:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gbt.toolbarhome.com/?hp=df
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.20080110.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {1a26421d-d2b2-4f47-b873-e97e6b1ba040}:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.9
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110419
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 13:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/04 23:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/04 23:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ClickPotatoLite\bin\10.0.679.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{30849C7F-AE96-4D9B-BE41-1A9EC706A3C7}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{30849C7F-AE96-4D9B-BE41-1A9EC706A3C7} [2011/07/27 23:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 22:21:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 22:21:41 | 000,000,000 | ---D | M]

[2011/03/06 13:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/07/29 21:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\extensions
[2011/03/31 19:09:00 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/09/25 09:43:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\extensions\[email protected]
[2008/07/31 14:10:56 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\searchplugins\aim-search.xml
[2008/12/25 14:18:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\searchplugins\ask.xml
[2010/02/03 14:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\04RC9LXI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/27 23:25:18 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{30849C7F-AE96-4D9B-BE41-1A9EC706A3C7}
[2008/12/28 12:24:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 10:57:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/21 21:06:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/31 18:28:22 | 000,001,110 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adaradar.xml
[2011/05/05 22:42:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 21:12:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/30 17:19:19 | 000,000,089 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5579d720-9afb-11dd-8fa7-0011112ff705}\Shell - "" = AutoRun
O33 - MountPoints2\{5579d720-9afb-11dd-8fa7-0011112ff705}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{93f1919d-ca51-11de-a092-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{93f1919d-ca51-11de-a092-001167000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9b97ca-6ba9-11dd-8f3b-000acd14ad9a}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9b97ca-6ba9-11dd-8f3b-000acd14ad9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a7bf4253-0793-11e0-a2bd-000acd14ad9a}\Shell - "" = AutoRun
O33 - MountPoints2\{a7bf4253-0793-11e0-a2bd-000acd14ad9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a8fdada1-d244-11de-a0a0-001167000000}\Shell - "" = AutoRun
O33 - MountPoints2\{a8fdada1-d244-11de-a0a0-001167000000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcbf9147-b706-11e0-a3e0-0011112ff705}\Shell - "" = AutoRun
O33 - MountPoints2\{dcbf9147-b706-11e0-a3e0-0011112ff705}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcbf9147-b706-11e0-a3e0-0011112ff705}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ea0c7633-b6d2-11e0-a3df-0011112ff705}\Shell - "" = AutoRun
O33 - MountPoints2\{ea0c7633-b6d2-11e0-a3df-0011112ff705}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea0c7633-b6d2-11e0-a3df-0011112ff705}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 14:35:43 | 004,159,367 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/07/31 02:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/31 02:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/07/31 02:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/07/31 02:02:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/31 01:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2011/07/31 01:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/07/31 01:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2011/07/30 13:10:29 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/07/30 10:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/07/30 10:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/07/29 22:54:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/07/29 21:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/29 20:08:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/29 15:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/07/29 14:20:05 | 000,103,424 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\MACDMO2.dll
[2011/07/29 14:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/29 13:23:03 | 000,000,000 | ---D | C] -- C:\bea26e1eeb529243cda7392f254a52
[2011/07/29 13:15:18 | 000,000,000 | ---D | C] -- C:\9f8bb1144c8b772d9a019dd19d161138
[2011/07/29 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/29 12:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/07/29 10:25:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/07/28 23:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2011/07/28 22:26:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/28 22:26:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/28 22:24:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/28 22:22:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/28 22:22:05 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/28 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/28 22:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/28 15:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
[2011/07/27 23:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{30849C7F-AE96-4D9B-BE41-1A9EC706A3C7}
[2011/07/25 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/07/25 17:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2011/07/25 17:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Western_Digital
[2011/07/25 17:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Western Digital
[2011/07/25 17:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2011/07/25 17:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/25 17:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Western Digital
[2011/07/18 14:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/07/18 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/11 12:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/07/10 21:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/07/09 14:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/07/08 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[2011/07/07 13:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinAVI
[2011/07/05 11:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nutrition
[2010/01/04 21:08:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/31 14:38:37 | 002,419,140 | ---- | M] () -- C:\MGtools.exe
[2011/07/31 14:36:21 | 004,159,367 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/07/31 14:34:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/31 14:34:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/31 14:34:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 14:29:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/31 14:24:20 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/07/31 14:24:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 14:22:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 13:09:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/31 12:52:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/31 12:43:24 | 000,000,045 | ---- | M] () -- C:\TEST.XML
[2011/07/31 11:56:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/31 09:51:37 | 082,861,719 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/07/31 02:44:48 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/07/31 01:36:00 | 000,001,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/30 12:51:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/07/30 12:49:19 | 003,602,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/30 12:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/30 11:59:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/29 23:56:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/29 22:56:31 | 000,435,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/29 22:56:31 | 000,068,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/29 21:38:20 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/29 21:38:20 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/29 21:38:20 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/29 18:12:43 | 000,658,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2011/07/29 18:07:10 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/29 18:07:10 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/29 18:00:04 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/07/29 00:15:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/28 22:29:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/28 22:23:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/28 22:20:12 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/28 21:59:18 | 000,005,110 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2011/07/28 19:52:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2773765278
[2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/28 15:10:20 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/28 15:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pyidot.bin
[2011/07/27 23:25:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vhixif.dat
[2011/07/27 21:27:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-1177238915-682003330-500.job
[2011/07/25 20:35:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/24 13:09:11 | 000,000,196 | -H-- | M] () -- C:\WINDOWS\System32\tscct1.dll
[2011/07/19 13:05:10 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2011/07/18 22:20:46 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
[2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381

========== Files Created - No Company Name ==========

[2011/07/31 14:39:08 | 002,419,140 | ---- | C] () -- C:\MGtools.exe
[2011/07/31 14:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/31 01:34:47 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/07/31 01:34:13 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/29 22:55:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/29 14:27:08 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2011/07/29 14:26:56 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2011/07/29 14:26:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2011/07/29 14:25:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2011/07/29 14:24:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/29 14:23:59 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/29 14:23:28 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/29 14:22:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/29 14:22:07 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/07/29 14:21:28 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2011/07/29 14:21:22 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2011/07/29 14:21:22 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/07/29 14:21:22 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/07/29 14:20:52 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2011/07/29 00:18:23 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/28 22:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 22:25:42 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/28 22:25:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/28 22:25:29 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/28 22:25:27 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/28 22:25:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/28 21:24:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/28 21:24:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/28 21:24:15 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/28 21:24:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/28 21:24:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/28 21:24:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/28 21:24:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/28 15:16:53 | 000,001,440 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2773765278
[2011/07/28 15:16:53 | 000,001,440 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/28 15:10:20 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/28 15:10:20 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/27 23:25:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vhixif.dat
[2011/07/27 23:25:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pyidot.bin
[2011/07/18 14:29:26 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 14:29:25 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/15 13:29:50 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
[2011/07/15 13:29:50 | 000,013,500 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
[2011/07/08 14:41:12 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/08 14:41:11 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/02 00:05:04 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/06/29 22:21:30 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/29 22:21:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/29 22:21:26 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/29 22:21:25 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/29 22:21:23 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/21 13:55:34 | 000,014,850 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4t13502plj86080
[2011/06/21 13:55:34 | 000,014,850 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\4t13502plj86080
[2011/06/16 11:43:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/10 23:19:19 | 000,000,080 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2011/04/10 20:12:06 | 000,000,196 | -H-- | C] () -- C:\WINDOWS\System32\tscct1.dll
[2011/03/08 19:59:41 | 000,042,112 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/09 13:56:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/15 11:22:41 | 000,040,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/12/03 01:51:36 | 001,372,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 21:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/04 21:10:25 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2010/01/04 21:08:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2010/01/04 21:08:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2010/01/04 21:08:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/12/16 21:08:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/07 18:25:20 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/05 12:33:46 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/14 11:31:24 | 001,289,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/07/13 01:07:46 | 000,025,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\uxpatch.sys
[2009/01/31 10:15:49 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/11 16:21:39 | 000,000,009 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/01/04 21:04:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/31 11:07:30 | 000,001,152 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/30 14:39:18 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 03:09:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/09/07 17:46:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/08 14:14:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2008/08/05 22:18:29 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/08/02 22:39:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/02 22:17:27 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/08/02 22:17:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/08/02 22:17:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/08/02 22:17:26 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/31 12:34:52 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/31 12:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/31 07:32:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/31 07:21:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/07/30 21:14:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/30 21:09:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/30 17:01:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 16:59:57 | 003,602,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/14 11:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AT&T
[2011/05/04 23:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
[2010/03/28 18:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2011/07/28 22:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FixCleaner
[2011/07/31 02:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2009/07/15 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeePass
[2011/03/31 19:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2011/02/19 17:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2009/07/14 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/12/02 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2011/05/04 23:38:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ShoppingReport2
[2010/12/14 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2009/11/05 20:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2011/07/31 02:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
[2009/07/08 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2011/01/09 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/07/31 13:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/07/19 13:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2011/07/25 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Western Digital
[2011/07/07 13:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinAVI
[2009/12/16 21:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/15 11:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/07/15 08:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/03/06 13:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/06 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/05/04 23:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA
[2011/03/14 16:50:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/29 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/15 11:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/04/10 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/02/19 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/01/25 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/10/14 20:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2011/06/29 14:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/02 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/03/06 14:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/10 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/03/06 14:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/04 22:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/07/25 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/01/11 16:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 14:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/26 23:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/15 07:09:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/07/29 23:56:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/31 11:56:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2010/01/18 12:03:05 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/07/29 18:00:04 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2011/06/14 03:16:06 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2008/09/22 16:01:18 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\WINDOWS:775C20E9095DDEC0
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >

and

OTL Extras logfile created on: 7/31/2011 2:40:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 38.93% Memory free
3.60 Gb Paging File | 2.74 Gb Available in Paging File | 75.98% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.53 Gb Free Space | 46.65% Space Free | Partition Type: NTFS
Drive E: | 237.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOMEPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AIM
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:FrostWire 4.17.2
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Disabled:PPMate
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1" = Remove Empty Directories version 2.2
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7A963CAF-C32C-4299-AC35-009EE6DC1033}" = Nero 7 Ultra Edition
"{83957DED-4EB3-48DF-9624-211FB39EE210}" = AT&T Communication Manager
"{844F3791-077D-4949-A812-2A31540FCB65}" = Facebook Video Calling 1.0.0.7698
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0CBF3DE-19D5-4666-BCFA-30651F28BC47}" = Logger Pro 3.5.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BCFA4EDC-2544-4826-99E5-DECB23D4A8F7}" = WD SmartWare
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Dell Photo Printer 720" = Dell Photo Printer 720
"Easy PDF to Word Converter v2.0_is1" = Easy PDF to Word Converter v2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Magic Video Converter_is1" = Magic Video Converter Trial Version (English) 8.0.2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mp3tag" = Mp3tag v2.48
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"Shockwave" = Shockwave
"StyleXP" = StyleXP (remove only)
"SystemRequirementsLab" = System Requirements Lab
"UltraISO_is1" = UltraISO Premium V9.0
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2011 12:35:58 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 12:35:58 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 12:42:25 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 12:42:25 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:20:26 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:20:26 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:23:07 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:23:07 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:23:07 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 7/31/2011 2:23:07 PM | Computer Name = HOMEPC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 2/9/2009 12:48:15 AM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 41393
seconds with 3600 seconds of active time. This session ended with a crash.

Error - 2/13/2009 12:08:21 AM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13116
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 3/1/2009 2:20:02 PM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4379
seconds with 1740 seconds of active time. This session ended with a crash.

Error - 3/16/2009 10:14:31 PM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9174 seconds with 2100 seconds of active time. This session ended with a
crash.

Error - 4/8/2009 12:26:43 AM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10893
seconds with 540 seconds of active time. This session ended with a crash.

Error - 4/15/2009 3:43:43 PM | Computer Name = HOMEPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1933
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/30/2011 8:50:41 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 7/30/2011 9:02:41 AM | Computer Name = HOMEPC | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 7/30/2011 9:08:34 AM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 7/30/2011 6:09:55 PM | Computer Name = HOMEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/30/2011 6:13:23 PM | Computer Name = HOMEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/30/2011 10:27:38 PM | Computer Name = HOMEPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/31/2011 1:21:37 AM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7034
Description = The WDRulesService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/31/2011 9:44:41 AM | Computer Name = HOMEPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.4 for the Network Card with network
address 0011112FF705 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/31/2011 9:45:36 AM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 7/31/2011 2:24:14 PM | Computer Name = HOMEPC | Source = Service Control Manager | ID = 7000
Description = The PCASp50 NDIS Protocol Driver service failed to start due to the
following error: %%2


< End of report >

[Advertisements]

Hello momoegy6x and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

I've done many scans with SaS, MBAM, and AVG..everytime they say they have removed it.. It doesn't seem like it. Many thanks guys.

Can you post logs from scans that detects it here for me.

Step 2

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2773765278
  [2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
  [2011/07/28 15:10:20 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\231p3v0858785s2a81334e462bx528i
  [2011/07/28 15:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pyidot.bin
  [2011/07/27 23:25:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vhixif.dat
  [2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
  [2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
  [2010/08/02 21:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
  @Alternate Data Stream - 48 bytes -> C:\WINDOWS:775C20E9095DDEC0
  
  :Commands
  [resethosts]
  [purity]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Run OTL again

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of that files and post it here for me.

Step 4

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on this link to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

Step 5

Please don't forget to include these items in your reply:

• OTL fix log
• New OTL scan log
• GMER log

It would be helpful if you could post each log in separate post

[maliprog]

Hello momoegy6x and welcome to G2G!

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

• Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
• Absence of symptoms does not always mean the computer is clean
• Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
• Please DO NOT run any scans or fix on your own without my direction.
• Please read all of my response through at least once before attempting to follow the procedures described.
• If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
• You must reply within 3 days or your topic will be closed

Step 1

I've done many scans with SaS, MBAM, and AVG..everytime they say they have removed it.. It doesn't seem like it. Many thanks guys.

Can you post logs from scans that detects it here for me.

Step 2

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  [2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2773765278
  [2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
  [2011/07/28 15:10:20 | 000,001,444 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\231p3v0858785s2a81334e462bx528i
  [2011/07/28 15:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pyidot.bin
  [2011/07/27 23:25:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vhixif.dat
  [2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
  [2011/07/15 16:33:13 | 000,013,500 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\2d0b8td0tsdf68q2s8c0s833176o053a7381
  [2010/08/02 21:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
  @Alternate Data Stream - 48 bytes -> C:\WINDOWS:775C20E9095DDEC0
  
  :Commands
  [resethosts]
  [purity]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Run OTL again

• Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  . Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of that files and post it here for me.

Step 4

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
• Click on this link to see a list of programs that should be disabled.
• Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
• Allow the driver to load if asked.
• You may be prompted to scan immediately if it detects rootkit activity.
• If you are prompted to scan your system click "No", save the log and post back the results.
• If not prompted, click the "Rootkit/Malware" tab.
• On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
• Select all drives that are connected to your system to be scanned.
• Click the Scan button to begin. (Please be patient as it can take some time to complete)
• When the scan is finished, click Save to save the scan results to your Desktop.
• Save the file as Results.log and copy/paste the contents in your next reply.
• Exit the program and re-enable all active protection when done.

Step 5

Please don't forget to include these items in your reply:

• OTL fix log
• New OTL scan log
• GMER log

It would be helpful if you could post each log in separate post

[momoegy6x]

I got some help prior to your post, and my computer is performing better, but I still want to see if I'm clean. Windows update works, computer is running faster. I'm going to post up new, fresh logs, and see if you still want me to go along that same route. Thanks for the quick response.

SaS log 1: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/29/2011 at 07:49 PM

Application Version : 4.56.1000

Core Rules Database Version : 7488
Trace Rules Database Version: 5300

Scan type : Complete Scan
Total Scan Time : 01:24:15

Memory items scanned : 492
Memory threats detected : 0
Registry items scanned : 9772
Registry threats detected : 0
File items scanned : 37947
File threats detected : 51

Adware.Tracking Cookie
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\AE8PDFGK ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@click[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@indieclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@liveperson[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt

Trojan.Agent/Gen-Mixel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{8F929BF7-83F5-4199-89C2-5A10E76C250E}\RP13\A0005470.EXE

SaS log 2: SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2011 at 05:15 PM

Application Version : 4.56.1000

Core Rules Database Version : 7493
Trace Rules Database Version: 5305

Scan type : Complete Scan
Total Scan Time : 01:36:03

Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 9867
Registry threats detected : 0
File items scanned : 47814
File threats detected : 97

Rogue.Agent/Gen
C:\ADOBE\PLUGS\KB1392062.EXE

Adware.Tracking Cookie
content.yieldmanager.edgesuite.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YK42VE9W ]
kona.kontera.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\YK42VE9W ]
.atdmt.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
track.napprd.netshelter.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\AE8PDFGK ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\AE8PDFGK ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\AE8PDFGK ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adlegend[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@payperclickadvertisingsecrets[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@chitika[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@shefinds[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@liveperson[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt

OTL log:OTL logfile created on: 8/1/2011 2:09:15 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 42.62% Memory free
3.60 Gb Paging File | 2.95 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.28 Gb Free Space | 46.49% Space Free | Partition Type: NTFS
Drive D: | 237.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOMEPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/07/31 21:25:00 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/07/31 14:40:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/20 12:19:44 | 004,393,816 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2011/07/09 00:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/06/29 08:01:12 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/06/29 08:01:10 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/06/29 08:01:08 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2011/03/30 18:43:14 | 000,636,776 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
PRC - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\WINDOWS\UnsignedThemesSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/05/24 14:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2003/12/18 10:50:00 | 000,038,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/31 14:40:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2003/12/18 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/12/18 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- -- (aawservice)
SRV - [2011/07/31 21:25:00 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/29 08:01:12 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/06/29 08:01:10 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/06/29 08:01:08 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 13:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/07/27 19:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\WINDOWS\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2006/05/24 14:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/01/09 13:56:48 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2010/07/27 19:12:04 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/07/27 19:09:40 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/26 16:04:44 | 000,040,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/12 17:50:44 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2009/07/22 18:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2009/07/13 01:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2008/02/26 14:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/06/08 13:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/12/28 11:57:00 | 000,045,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel®
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/02 04:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/10/31 17:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/05/06 22:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 22:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 22:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/12/11 10:50:00 | 000,070,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/11 10:50:00 | 000,051,582 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/12/11 10:50:00 | 000,037,916 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/11 10:50:00 | 000,025,630 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/12/11 10:50:00 | 000,014,092 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gbt.toolbarhome.com/?hp=df
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)


[2011/03/06 13:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/08/01 00:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\extensions
[2011/08/01 00:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\04rc9lxi.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}

O1 HOSTS File: ([2011/07/31 21:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 21:12:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/30 17:19:19 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 02:00:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/01 01:45:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/08/01 01:45:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/08/01 00:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/08/01 00:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/08/01 00:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/08/01 00:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/08/01 00:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2011/08/01 00:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2011/08/01 00:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/08/01 00:14:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/08/01 00:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/08/01 00:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/07/31 23:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/31 23:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2011/07/31 23:38:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/07/31 23:36:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/07/31 23:30:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/31 23:22:10 | 000,000,000 | ---D | C] -- C:\71663f5d07ec41fd5a11
[2011/07/31 21:40:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/07/31 21:15:42 | 000,607,017 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/07/31 21:10:01 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/07/31 20:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/31 20:15:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/07/31 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/31 19:31:56 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/07/31 19:13:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/31 19:11:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/31 19:11:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/31 19:02:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/31 19:02:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/31 19:01:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/31 14:35:43 | 004,159,367 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/07/31 02:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/07/31 02:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/07/31 02:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/07/31 01:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011/07/31 01:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2011/07/30 13:10:29 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/07/30 10:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/07/30 10:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/07/29 21:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/29 20:08:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/29 15:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\msn
[2011/07/29 14:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/07/29 13:23:03 | 000,000,000 | ---D | C] -- C:\bea26e1eeb529243cda7392f254a52
[2011/07/29 13:15:18 | 000,000,000 | ---D | C] -- C:\9f8bb1144c8b772d9a019dd19d161138
[2011/07/29 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/29 12:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/07/29 10:25:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/07/28 23:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2011/07/28 22:26:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/28 22:26:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/28 22:24:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/28 22:22:21 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/07/28 22:22:05 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/28 22:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/28 22:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/07/28 17:11:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011/07/25 19:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/07/25 17:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2011/07/25 17:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Western_Digital
[2011/07/25 17:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Western Digital
[2011/07/25 17:26:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2011/07/25 17:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/07/25 17:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Western Digital
[2011/07/18 14:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2011/07/18 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/11 12:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/07/10 21:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2011/07/09 14:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/07/08 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[2011/07/07 13:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinAVI
[2011/07/05 11:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nutrition
[2010/01/04 21:08:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/01 02:01:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2011/08/01 01:44:49 | 000,000,686 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN14D2C52405PJ.job
[2011/08/01 01:34:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/01 00:52:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/08/01 00:26:15 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
[2011/08/01 00:17:53 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/08/01 00:17:51 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/08/01 00:17:06 | 000,001,993 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 3050A J611 series.lnk
[2011/08/01 00:14:32 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/07/31 23:56:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/31 23:56:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/31 23:53:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 23:51:14 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/07/31 23:50:52 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/31 23:50:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/07/31 23:50:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 23:43:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/31 23:38:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/31 23:38:01 | 003,602,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/31 23:14:05 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2011/07/31 21:23:12 | 000,206,519 | ---- | M] () -- C:\MGlogs.zip
[2011/07/31 21:19:07 | 000,000,045 | ---- | M] () -- C:\TEST.XML
[2011/07/31 21:16:14 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2011/07/31 21:15:43 | 000,607,017 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/07/31 21:10:10 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/07/31 21:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/31 19:52:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/31 19:42:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/31 19:13:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/31 14:59:24 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/07/31 14:38:37 | 002,419,140 | ---- | M] () -- C:\Program Files\MGtools.exe
[2011/07/31 14:36:21 | 004,159,367 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/07/31 14:34:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/31 14:29:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/07/30 12:51:10 | 000,000,342 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/07/30 12:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 22:56:31 | 000,435,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/29 22:56:31 | 000,068,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/29 21:38:20 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/29 21:38:20 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/07/29 18:07:10 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/29 18:07:10 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/29 00:15:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/28 22:29:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/28 22:23:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/28 22:20:12 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/28 21:59:18 | 000,005,110 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2011/07/28 15:16:53 | 000,001,440 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/27 23:25:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Vhixif.dat
[2011/07/25 20:35:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/19 13:05:10 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2011/07/18 22:20:46 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/01 01:44:48 | 000,000,686 | ---- | C] () -- C:\WINDOWS\tasks\hpwebreg_CN14D2C52405PJ.job
[2011/08/01 00:26:15 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
[2011/08/01 00:20:16 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/08/01 00:18:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/08/01 00:17:50 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/08/01 00:17:06 | 000,001,993 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 3050A J611 series.lnk
[2011/08/01 00:16:21 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3050A_J611.dll
[2011/08/01 00:14:32 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/07/31 23:38:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/07/31 23:33:40 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/07/31 23:14:03 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2011/07/31 21:16:13 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
[2011/07/31 19:31:57 | 000,206,519 | ---- | C] () -- C:\MGlogs.zip
[2011/07/31 19:13:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/31 19:13:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/31 19:11:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/31 19:11:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/31 19:02:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/31 19:02:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/31 19:02:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/31 14:39:08 | 002,419,140 | ---- | C] () -- C:\Program Files\MGtools.exe
[2011/07/31 14:34:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2011/07/31 01:34:47 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011/07/29 14:27:08 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2011/07/29 14:26:56 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2011/07/29 14:26:12 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2011/07/29 14:25:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2011/07/29 14:24:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/29 14:23:59 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/29 14:23:28 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/29 14:22:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2011/07/29 14:22:07 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/07/29 14:21:28 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2011/07/29 14:21:22 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2011/07/29 14:21:22 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/07/29 14:21:22 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/07/29 14:20:52 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2011/07/29 00:18:23 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/07/28 22:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/28 22:25:42 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/28 22:25:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/28 22:25:29 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/28 22:25:27 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/28 22:25:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/28 21:24:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/28 21:24:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/28 21:24:15 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/28 21:24:15 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/28 21:24:15 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/28 21:24:15 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/28 21:24:15 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/28 15:16:53 | 000,001,440 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\231p3v0858785s2a81334e462bx528i
[2011/07/27 23:25:20 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Vhixif.dat
[2011/07/18 14:29:26 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/18 14:29:25 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 14:41:12 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/08 14:41:11 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/02 00:05:04 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/06/29 22:21:30 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/29 22:21:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/29 22:21:26 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/29 22:21:25 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/29 22:21:23 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/16 11:43:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/04/10 23:19:19 | 000,000,080 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2011/03/08 19:59:41 | 000,042,112 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/09 13:56:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/15 11:22:41 | 000,040,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/12/03 01:51:36 | 001,372,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/02 21:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/01/04 21:10:25 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2010/01/04 21:08:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2010/01/04 21:08:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/12/16 21:08:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/07 18:25:20 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/05 12:33:46 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/14 11:31:24 | 001,289,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/07/13 01:07:46 | 000,025,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\uxpatch.sys
[2009/01/31 10:15:49 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/11 16:21:39 | 000,000,009 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/01/04 21:04:22 | 000,000,342 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/31 11:07:30 | 000,001,152 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/30 14:39:18 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 03:09:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/09/07 17:46:53 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/08/08 14:14:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2008/08/05 22:18:29 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/08/02 22:39:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/02 22:17:27 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/08/02 22:17:27 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/08/02 22:17:27 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/08/02 22:17:26 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/31 12:34:52 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/31 12:23:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/07/31 07:32:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/31 07:21:43 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/07/30 21:14:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/30 21:09:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/30 17:01:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 16:59:57 | 003,602,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/20 22:53:34 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/10 15:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/12/14 11:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AT&T
[2011/05/04 23:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
[2010/03/28 18:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook
[2011/07/31 02:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2009/07/15 09:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KeePass
[2011/03/31 19:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mp3tag
[2011/02/19 17:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2009/07/14 11:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Reasonable Software House Ltd
[2010/12/02 19:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2010/12/14 11:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sierra Wireless
[2009/11/05 20:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2009/07/08 20:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2011/01/09 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2011/07/31 21:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/07/19 13:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2011/07/25 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Western Digital
[2011/07/07 13:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinAVI
[2009/12/16 21:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/15 11:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/07/15 08:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/07/31 19:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/06 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/14 16:50:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/29 15:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/12/15 11:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/08/01 02:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/10 19:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/02/19 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/01/25 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/10/14 20:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2011/06/29 14:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/12/02 19:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/03/06 14:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/04/10 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/03/06 14:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/04 22:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/07/25 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/01/11 16:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/26 14:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/26 23:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/08/01 00:17:51 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/08/01 00:17:52 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/08/01 00:17:53 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/07/31 23:56:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500Core.job
[2011/07/31 23:56:00 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-507921405-1177238915-682003330-500UA.job
[2011/07/31 23:50:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >


I've also done a few scans with IObit Malware Fighter that cured a few Trojans..I seem to have deleted those logs though. My apologies.

Edited by momoegy6x, 01 August 2011 - 12:13 AM.

[maliprog]

We need to clear something. If you getting help on other forums (I see you have tools on you PC that we use) than you must continue there. It's best for your PC that only one person work on it. I should close this topic in that case. Please respond to see where we are.

[momoegy6x]

I posted my problem on a few other forums to see where I could get help quickest. I am getting help from another forum, yes, so if you feel that you should close this topic, that's fine. Thanks for your help anyway, I appreciate it!

[maliprog]

Please try to follow steps from one forum only. That is the best way to get rid on malware and save your system. Believe me!

I will close this topic now. You should also close all other topics that you started and leave only one you get help on.

Goodbye and stay safe!