[Gina817]

A little while ago, I noticed some strange things after clicking on a bad link. It was disguised, but it turned out to be an ad and led to what looked like a malware-ridden website. Web of Trust and Adblock Plus didn’t block it like I hoped they would.

After restarting, the system date was two months ahead and the time was one hour behind. Also, Microsoft Security Essentials would still scan but would not update.

I ran the Eset Online Scanner plus the SUPERAntiSpyware portable scanner and the latter picked up and deleted a Trojan.

Those past issues seem to be resolved now. MSE and Malwarebyte’s don’t find anything. But now, I try to load Netflix and it says “Page not found,” and it tries to redirect me to a site called http://www.tvfanfrenzy.com

I’m wondering if I’m still infected with something. Either that, or maybe my Netflix got hacked somehow?

Thanks in advance.



OTL log:

OTL logfile created on: 10/27/2011 12:03:00 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.38% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 108.69 Gb Free Space | 46.67% Space Free | Partition Type: NTFS

Computer Name: TEMP | User Name: temp1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 23:23:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/10/02 13:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/10 12:25:24 | 000,913,408 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Wireless USB utility V1.01.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 13:00:54 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/09 13:44:16 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 17:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 17:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/12/19 12:26:06 | 002,625,536 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/07/09 05:06:32 | 000,675,840 | ---- | M] () -- C:\Program Files\XP Codec Pack\filters\ac3filter.ax
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/04/10 12:25:24 | 000,913,408 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Wireless USB utility V1.01.exe
MOD - [2006/04/10 12:25:16 | 000,090,112 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Mrv8000x.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/10/26 14:28:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{62E45743-33D0-4A8C-9AB7-0EADEA9B6ACF}\MpKsl4b299374.sys -- (MpKsl4b299374)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\temp1\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\temp1\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2006/12/21 04:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/13 09:49:40 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/10/13 09:49:36 | 000,058,112 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/24 05:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/21 17:44:28 | 000,299,904 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2001/08/17 12:51:10 | 000,138,528 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tgiulnt5.sys -- (tgiul50)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...64&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {9545B14F-4A03-48E0-94FD-9062893F58F4}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 13:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 16:30:55 | 000,000,000 | ---D | M]

[2011/05/07 15:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/02 18:07:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Program Files\Mozilla Firefox\extensions\{9545B14F-4A03-48E0-94FD-9062893F58F4}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/07/10 15:20:21 | 000,000,000 | ---D | M] (WOT) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\[email protected]
[2011/10/02 13:00:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/03 01:18:47 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/07 16:30:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\temp1\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5621F8BC-EBBC-4265-BFF4-C9062B682AC0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC787A5-B661-4FBF-B96E-259C1F41DA6C}: DhcpNameServer = 192.168.10.15 192.168.10.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\temp1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\temp1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/05 08:40:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\temp1\Application Data\SUPERAntiSpyware.com
[2011/10/23 18:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/10/23 13:23:20 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/23 13:23:20 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/23 13:23:06 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/22 21:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2011/10/22 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/22 21:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/22 21:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\temp1\*.tmp files -> C:\Documents and Settings\temp1\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/26 23:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 23:23:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/10/26 20:45:54 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\Microsoft Office Word 2003.lnk
[2011/10/26 18:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 16:05:30 | 009,431,210 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\DJ Fresh ft. Sian Evans - Louder (Flux Pavillion And Doctor P Remix).mp3
[2011/10/26 14:32:09 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/26 14:32:09 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/26 14:28:10 | 000,250,071 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/10/26 14:28:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/26 14:28:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/23 00:58:54 | 015,100,992 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\Lady Gaga - Alejandro (Skrillex Remix).mp3
[2011/10/23 00:49:41 | 008,764,302 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\Pendulum - Watercolour.mp3
[2011/10/22 21:47:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/10/22 20:17:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/15 14:48:09 | 009,281,979 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\Camila_-_Dejarte De Amar_-_11_-_De Mi.mp3
[2011/10/14 19:14:48 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/14 00:07:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\temp1\*.tmp files -> C:\Documents and Settings\temp1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 01:14:40 | 009,431,210 | ---- | C] () -- C:\Documents and Settings\temp1\Desktop\DJ Fresh ft. Sian Evans - Louder (Flux Pavillion And Doctor P Remix).mp3
[2011/10/23 00:58:17 | 015,100,992 | ---- | C] () -- C:\Documents and Settings\temp1\Desktop\Lady Gaga - Alejandro (Skrillex Remix).mp3
[2011/10/23 00:49:17 | 008,764,302 | ---- | C] () -- C:\Documents and Settings\temp1\Desktop\Pendulum - Watercolour.mp3
[2011/10/22 21:47:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/08/08 17:46:56 | 000,018,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/25 12:21:03 | 000,000,275 | ---- | C] () -- C:\WINDOWS\EReg104.dat
[2009/11/09 15:06:24 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/09/12 19:09:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/07/18 16:03:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/10 06:03:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/17 15:02:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/17 15:02:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/19 15:40:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/19 15:31:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/19 12:51:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/19 12:47:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/19 11:51:24 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\temp1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 22:48:27 | 000,001,548 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/04/13 21:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 21:02:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/13 16:57:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/13 16:56:32 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/03/31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 08:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 08:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/06/13 18:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2010/06/20 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/11/09 15:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2010/08/08 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/13 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\acccore
[2009/11/25 23:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/29 19:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\EuroTalk
[2009/09/28 04:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\FooPetsDesktop.E1A59F4315F58433140DC6A108B4F20995854275.1
[2009/11/09 15:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\iolo
[2011/10/23 04:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\uTorrent

========== Purity Check ==========



< End of report >

[Advertisements]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
• Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
• Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
• Please reply within 3 days to be fair to other people asking for help.
• Please tell me if you have your original Windows CD/DVD available
• When in doubt, please stop and ask first. There's no harm in asking questions!

Please do the following:

Step 1

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
  
• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start scan.
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.
• Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply

Step 2

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista, 7).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 3

Please delete your copy of OTL.exe.

OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Under the Extra Registry section, check Use SafeList
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:

• aswMBR log attached zipped file MBR.zip
• GooredFix log
• OTL scan log
• Extras log
  

[Render]

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
• Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
• Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
• Please reply within 3 days to be fair to other people asking for help.
• Please tell me if you have your original Windows CD/DVD available
• When in doubt, please stop and ask first. There's no harm in asking questions!

Please do the following:

Step 1

• Please download aswMBR.exe to your desktop.
• Double click the aswMBR.exe to run it.
  
  
  
• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start scan.
  
  
  
• On completion of the scan click Save log, save it to your desktop and post in your next reply.
• Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply

Step 2

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista, 7).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 3

Please delete your copy of OTL.exe.

OTL Custom Scan

• Download OTL to your desktop.
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Under the Extra Registry section, check Use SafeList
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT

• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:

• aswMBR log attached zipped file MBR.zip
• GooredFix log
• OTL scan log
• Extras log
  

[Gina817]

Sorry for the late reply. There was a very long power outage. There was no MBR.dat file created, I'm not sure why. But here are the logs. Thanks.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-07 18:52:44
-----------------------------
18:52:44.171 OS Version: Windows 5.1.2600 Service Pack 3
18:52:44.171 Number of processors: 2 586 0xF0B
18:52:44.171 ComputerName: TEMP UserName:
18:52:45.046 Initialze error C000010E - driver not loaded
18:52:49.421 AVAST engine defs: 11110701
18:52:52.843 Service scanning
18:52:53.093 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
18:52:53.109 Service MpKslbf0157a9 c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AAF8CC-AFB4-4FB6-B8E8-C49C3272A7E5}\MpKslbf0157a9.sys **LOCKED** 32
18:52:53.109 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
18:52:53.125 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
18:52:53.156 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
18:52:53.671 Modules scanning
18:52:53.671 Disk 0 trace - called modules:
18:52:53.671
18:52:54.562 AVAST engine scan C:\WINDOWS
18:53:06.171 AVAST engine scan C:\WINDOWS\system32
18:55:05.062 AVAST engine scan C:\WINDOWS\system32\drivers
18:55:17.406 AVAST engine scan C:\Documents and Settings\temp1
19:20:24.984 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
19:21:08.625 Scan finished successfully
19:24:32.718 The log file has been saved successfully to "C:\Documents and Settings\temp1\Desktop\aswMBR.txt"



GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:27 on 07/11/2011 (temp1)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{9545B14F-4A03-48E0-94FD-9062893F58F4}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:16 14/11/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [10:05 10/01/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:13 03/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [17:42 05/04/2009]

C:\Documents and Settings\temp1\Application Data\Mozilla\Firefox\Profiles\75cfv5el.default\extensions\
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [19:20 10/07/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-



OTL logfile created on: 11/7/2011 7:36:31 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.57% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 109.40 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: TEMP | User Name: temp1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 19:30:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/10 11:25:24 | 000,913,408 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Wireless USB utility V1.01.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 16:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 16:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/08/12 22:41:02 | 000,473,632 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2006/04/10 11:25:24 | 000,913,408 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Wireless USB utility V1.01.exe
MOD - [2006/04/10 11:25:16 | 000,090,112 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.01\Mrv8000x.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 15:40:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56AAF8CC-AFB4-4FB6-B8E8-C49C3272A7E5}\MpKslbf0157a9.sys -- (MpKslbf0157a9)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\temp1\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\temp1\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2006/12/21 03:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/13 08:49:40 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/10/13 08:49:36 | 000,058,112 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/24 04:52:28 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/21 16:44:28 | 000,299,904 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2001/08/17 11:51:10 | 000,138,528 | ---- | M] (Trident Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tgiulnt5.sys -- (tgiul50)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...64&gct=&gc=1&q=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - No CLSID value found
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-602162358-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.1
FF - prefs.js..extensions.enabledItems: {9545B14F-4A03-48E0-94FD-9062893F58F4}:1.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 12:00:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/07 15:30:55 | 000,000,000 | ---D | M]

[2011/11/07 19:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/07/10 14:20:21 | 000,000,000 | ---D | M] (WOT) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TEMP1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\75CFV5EL.DEFAULT\EXTENSIONS\[email protected]
[2011/10/02 12:00:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/03 00:18:47 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/05/07 15:30:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-57989841-602162358-725345543-1004\..\Toolbar\WebBrowser: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-602162358-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\temp1\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5621F8BC-EBBC-4265-BFF4-C9062B682AC0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC787A5-B661-4FBF-B96E-259C1F41DA6C}: DhcpNameServer = 192.168.10.15 192.168.10.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\temp1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\temp1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/05 07:40:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 19:30:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011/11/07 19:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\temp1\Desktop\GooredFix Backups
[2011/11/07 19:26:02 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\temp1\Desktop\GooredFix.exe
[2011/11/07 18:31:06 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\temp1\Desktop\aswMBR.exe
[2011/11/03 19:02:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/23 17:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\temp1\Application Data\SUPERAntiSpyware.com
[2011/10/23 17:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/10/23 12:23:20 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/23 12:23:20 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/23 12:23:06 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/22 20:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2011/10/22 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/22 20:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/22 20:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\temp1\*.tmp files -> C:\Documents and Settings\temp1\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 19:31:59 | 008,066,405 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\otlinstruction.rtf
[2011/11/07 19:30:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011/11/07 19:26:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\temp1\Desktop\GooredFix.exe
[2011/11/07 18:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 18:39:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/07 18:31:13 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\temp1\Desktop\aswMBR.exe
[2011/11/07 15:33:04 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 15:33:04 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/07 15:29:05 | 000,250,071 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/07 15:29:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 15:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/05 19:17:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/03 19:02:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/26 19:45:54 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\temp1\Desktop\Microsoft Office Word 2003.lnk
[2011/10/22 20:47:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2011/10/14 18:14:48 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/13 23:07:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\temp1\*.tmp files -> C:\Documents and Settings\temp1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 19:31:59 | 008,066,405 | ---- | C] () -- C:\Documents and Settings\temp1\Desktop\otlinstruction.rtf
[2011/10/22 20:47:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/08/08 16:46:56 | 000,018,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/25 11:21:03 | 000,000,275 | ---- | C] () -- C:\WINDOWS\EReg104.dat
[2009/11/09 14:06:24 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/09/12 18:09:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/07/18 15:03:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/10 05:03:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/05/17 14:02:02 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/17 14:02:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/19 14:40:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/19 14:31:57 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/19 11:51:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/19 11:47:21 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/19 10:51:24 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\temp1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 21:48:27 | 000,001,548 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/04/13 20:06:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 20:02:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/13 15:57:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/13 15:56:32 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/19 10:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 12:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 12:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 12:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 12:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 11:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/11/02 11:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/03/31 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 07:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 07:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2008/06/12 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/02 17:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2007/11/22 14:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/02 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2008/06/12 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/22 20:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/13 17:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2010/06/20 12:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/11/09 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2010/08/08 16:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/09 14:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User.WINDOWS\Application Data\iolo
[2009/11/09 14:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
[2010/06/13 17:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\acccore
[2009/11/25 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1
[2009/12/29 18:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\EuroTalk
[2009/09/28 03:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\FooPetsDesktop.E1A59F4315F58433140DC6A108B4F20995854275.1
[2009/11/09 14:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\iolo
[2011/11/06 03:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\temp1\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/11/07 19:30:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 12:00:52 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 12:00:55 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 07:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 19:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< End of report >



OTL Extras logfile created on: 11/7/2011 7:36:31 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.57% Memory free
3.85 Gb Paging File | 3.30 Gb Available in Paging File | 85.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 109.40 Gb Free Space | 46.98% Space Free | Partition Type: NTFS

Computer Name: TEMP | User Name: temp1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-57989841-602162358-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0959198E-9CB6-4BF2-905A-D275DDDED3DC}" = Petz 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{253E469A-8F3D-487E-82C9-B9EB66044022}" = Wireless USB utility V1.01
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26615EF-AF0A-486C-99C9-B65C8C401EBC}" = EuroTalk Talk Now!
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Medical Coding Specialist Exam Review-Physician" = Medical Coding Specialist Exam Review-Physician
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PetzA_is1" = PetzA 2.2.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Tinker_is1" = Tinker 1.9.1
"UnityWebPlayer" = Unity Web Player
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-602162358-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2011 6:23:01 AM | Computer Name = TEMP | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 12 4.2.168.192.in-addr.arpa.
PTR temp.local.

Error - 8/8/2011 11:45:02 PM | Computer Name = TEMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/12/2011 6:22:28 PM | Computer Name = TEMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 10/9/2011 11:10:46 PM | Computer Name = TEMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 10/14/2011 7:25:15 PM | Computer Name = TEMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 10/18/2011 6:33:42 PM | Computer Name = TEMP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0,
P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 10/22/2011 9:44:03 PM | Computer Name = TEMP | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/22/2011 9:44:03 PM | Computer Name = TEMP | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/22/2011 9:44:03 PM | Computer Name = TEMP | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/23/2011 12:59:55 PM | Computer Name = TEMP | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 9/8/2011 6:16:19 PM | Computer Name = TEMP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/8/2011 6:16:19 PM | Computer Name = TEMP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 9/12/2011 6:22:28 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.111.1933.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7604.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/14/2011 7:25:14 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.113.1622.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/18/2011 6:33:41 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.113.1870.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/23/2011 12:59:54 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.380.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: TEMP\temp1 Current Engine Version: Previous Engine
Version: 1.1.7801.0 Error code: 0x80072f76 Error description: The requested header
was not found

Error - 12/23/2011 12:59:54 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.380.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: TEMP\temp1 Current Engine Version: Previous Engine
Version: 1.1.7801.0 Error code: 0x80072f76 Error description: The requested header
was not found

Error - 12/23/2011 12:59:54 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.380.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: TEMP\temp1 Current Engine Version: Previous Engine
Version: 1.1.7801.0 Error code: 0x80072f76 Error description: The requested header
was not found

Error - 12/23/2011 12:59:54 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.380.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: TEMP\temp1 Current Engine Version: Previous Engine
Version: 1.1.7801.0 Error code: 0x80072f76 Error description: The requested header
was not found

Error - 10/23/2011 6:21:25 PM | Computer Name = TEMP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.115.380.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error
code: 0x800704c7 Error description: The operation was canceled by the user.


< End of report >

[Render]

I'm sorry for the late reply. Somehow I missed your post. Please send me a Personal Message if that happen again.

Do the following:

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK button.
  
  
  
• Click the Start Scan button.
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

[Render]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.