Welcome to Geeks to Go - Register now for FREE

Running super slow, intermittent internet, testendonline popups, shop


#1 Maxihup
Clicked on a bad link and got an infection here. Computer is running super slow, testendonline.com and other popups, shop at home bar. The good news is I keep winning 100,000,000 visitor prizes!! Need some help. Thanks,


OTL log:

OTL logfile created on: 11/10/2011 8:21:16 PM - Run 6
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\user1\Desktop\virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 63.89% Memory free
3.78 Gb Paging File | 3.39 Gb Available in Paging File | 89.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 29.46 Gb Free Space | 19.77% Space Free | Partition Type: NTFS

Computer Name: L1 | User Name: user1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 12:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
PRC - [2011/04/11 20:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) -- C:\Program Files\Immunet Protect\2.0.17\agent.exe
PRC - [2010/12/30 04:23:20 | 000,874,832 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys
PRC - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe
PRC - [2010/10/06 05:56:12 | 006,265,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\Teamviewer\Version5\TeamViewer.exe
PRC - [2009/10/21 10:10:58 | 000,370,952 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe
PRC - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/10/17 08:32:35 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/28 11:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe
PRC - [2008/08/28 11:35:54 | 000,847,872 | ---- | M] (PatchLink Corporation) -- C:\Program Files\PatchLink\Update Agent\pddm.exe
PRC - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/07/03 21:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/01/07 14:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/09/13 19:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 15:22:02 | 003,776,512 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe
PRC - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2004/07/20 10:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/05/25 10:16:56 | 000,049,152 | ---- | M] (Brother Industories, Ltd.) -- C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
PRC - [2003/12/12 18:50:34 | 000,033,792 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 12:31:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user1\Desktop\virus\OTL.exe
MOD - [2008/04/14 03:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/01/09 04:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (r_server)
SRV - [2011/04/11 20:07:50 | 000,756,680 | ---- | M] (Immunet Corporation) [Auto | Running] -- C:\Program Files\Immunet Protect\2.0.17\agent.exe -- (ImmunetProtect)
SRV - [2011/04/04 09:04:39 | 000,326,224 | ---- | M] (Immunet) [On_Demand | Stopped] -- C:\Program Files\Immunet Protect\tetra\scan.dll -- (scan)
SRV - [2010/12/21 12:05:52 | 000,548,864 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys -- (PrismXL)
SRV - [2010/12/16 19:14:52 | 001,597,120 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)
SRV - [2010/12/16 19:09:54 | 001,509,312 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)
SRV - [2010/11/19 05:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/10/06 05:56:16 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\Teamviewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/06/29 11:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/06/15 11:34:30 | 000,345,424 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/04/25 00:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/17 07:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009/05/07 12:52:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/19 02:55:36 | 000,118,784 | ---- | M] (AuthenTec,Inc) [On_Demand | Stopped] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2009/03/19 02:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 02:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 02:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/08/28 11:36:22 | 000,081,920 | ---- | M] (PatchLink Corporation) [Auto | Running] -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe -- (PatchLink Update)
SRV - [2008/08/18 16:45:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/06/15 13:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/25 06:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/04 17:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/06 18:35:10 | 000,014,376 | ---- | M] (International Business Machines Corporation) [On_Demand | Stopped] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2sec.exe -- (DB2NTSECSERVER_TAEVAL10) DB2 Security Server (TAEVAL10)
SRV - [2006/11/06 18:33:56 | 000,035,880 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\Quest Software\Toad for Data Analysis Trial 1.0\DB2 Client\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_TAEVAL10) DB2 Management Service (TAEVAL10)
SRV - [2006/11/03 17:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/05/23 19:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stop_Pending] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/03/03 18:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/05/05 20:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2011/04/11 20:07:56 | 000,041,424 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/11 20:07:56 | 000,031,184 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/12/14 10:34:14 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/12/14 10:34:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/12/07 14:54:52 | 000,177,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/12/07 14:54:52 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/12/07 14:54:52 | 000,057,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/11/25 09:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/08 20:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/07/21 15:47:00 | 000,341,584 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2010/07/18 20:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/07/16 13:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 13:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\user1\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/20 10:19:18 | 000,033,920 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\covpndrv.sys -- (urvpndrv)
DRV - [2009/08/20 10:19:15 | 000,010,752 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\urfltw2k.sys -- (f5ipfw)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/19 19:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/25 05:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/09/24 22:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/09/19 21:29:54 | 000,243,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/08/19 19:15:06 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 19:15:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/09 17:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 17:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 17:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 12:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 12:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/15 16:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/03 12:32:52 | 002,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/30 09:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 08:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYUS&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.69034: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user1\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user1\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 21:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/17 21:08:22 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:37:09 | 000,000,000 | ---D | M]

[2009/06/01 16:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Extensions
[2011/11/07 22:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\extensions
[2011/11/04 20:58:57 | 000,002,572 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Mozilla\Firefox\Profiles\slul1wop.default\searchplugins\askcom.xml
[2011/08/01 09:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/01 09:04:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user1\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SLUL1WOP.DEFAULT\EXTENSIONS\[email protected]_EASIESTYOUTUBE.XPI
[2011/08/01 09:03:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/17 21:08:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/01 09:03:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 17:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/10/17 21:08:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Immunet Protect] C:\Program Files\Immunet Protect\2.0.17\iptray.exe (Immunet)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe (PatchLink Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [reCNnSpMgbpW.exe] C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe (Recover Inc)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK = C:\Program Files\New Boundary\Client\LocalClient.EXE (New Boundary Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\user1\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\user1\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O15 - HKCU\..Trusted Domains: centerc.com ([access] http in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc.com ([access] https in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc.com ([magellan] * in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc.com ([magellantest] * in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc-ECAA189 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc-ECAA189 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: centerc-ECAA189 ([centerc-ECAA189] http in Trusted sites)
O15 - HKCU\..Trusted Domains: centerclearning.com ([transform] * in Trusted sites)
O15 - HKCU\..Trusted Domains: concsolutions.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cop.local ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: merchrs.com ([iefitcenter] https in Trusted sites)
O15 - HKCU\..Trusted Domains: reachingpeople.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: centerclea.com ([transform] * in Trusted sites)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://ohc01:4343/o...ll/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://ca01:4343/of...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://access.cente...1,2011,803,1915 (OPSWAT AntiViruses Class)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanne...yerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {21EC36C8-5D54-4EF8-AAFC-BE6D34661A2A} http://magellan.cent...tBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://access.cente...,2010,1215,1100 (F5 Networks VPN Manager)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://access.cente...1,2011,803,1915 (OPSWAT FireWalls Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://ohcv01:4343/...root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://access.cente...,2010,1215,1053 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://access.cente...,2010,0617,2017 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://access.cente...1,2011,803,1915 (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://access.cente...,2010,0617,2003 (F5 Networks Policy Agent Host Class)
O16 - DPF: {609DE3A4-42CB-4C10-8D47-67D81B53E59A} http://centerc.com/s...Ax_Calendar.cab (Siebel Calendar)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://access.cente...,2008,0717,1602 (F5 Networks Static Application Tunnel Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} http://magellan.cent...Integration.cab (Siebel Desktop Integration)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://access.cente...1,2010,617,2010 (F5 Networks SuperHost Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://freetrial.we...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://access.cente...31,2010,902,806 (F5 Networks Host Control)
O16 - DPF: {E1025617-5E52-47B1-A865-AC4AD132A16B} http://magellan.cent...x_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} https://access.cente...,2010,1005,1351 (F5 Networks OS Policy Agent)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} https://access.cente...1,2011,803,1915 (F5 Networks OPSWAT Helper Control)
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 21:01:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 15:43:18 | 000,498,688 | ---- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe
[2011/11/10 14:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/10 14:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/11/10 14:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/11/10 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/11/10 13:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/11/10 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/11/08 21:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Skype
[2011/11/08 21:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/08 21:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/11/08 21:29:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/08 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/08 09:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/11/07 16:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Neil Young Archives Volume 1 1963-72 (CD-Edition)
[2011/11/04 19:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\TruePianos Settings
[2011/11/04 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Native Instruments
[2011/11/04 19:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Cakewalk
[2011/11/04 19:53:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/11/04 19:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/11/04 19:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/11/04 19:51:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2011/11/04 19:50:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/11/04 19:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Native Instruments
[2011/11/04 19:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identities
[2011/11/04 19:31:05 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2011/11/04 19:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cakewalk
[2011/11/04 19:21:36 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2011/11/04 19:11:45 | 000,000,000 | ---D | C] -- C:\Cakewalk Content
[2011/11/04 19:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2011/11/04 19:04:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2011/11/04 17:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\wios
[2011/11/04 16:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\ImgBurn
[2011/11/04 16:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/11/04 16:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/11/04 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/11/04 16:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\AskToolbar
[2011/11/04 16:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Old Wil Pics
[2011/11/02 21:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Application Data\Voxatron
[2011/11/02 21:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/11/02 21:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\uTorrent
[2011/10/25 12:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Orth Backup 2
[2011/10/25 09:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\ORTHPARENT BACKUP
[2011/10/24 12:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Orthoddox_Parenting_Powerpoint
[2011/10/22 18:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Logitech® Webcam Software
[2011/10/22 18:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/10/22 12:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011/10/22 12:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/10/22 12:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/10/22 12:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011/10/21 22:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\OrthParent
[2011/10/21 21:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Desktop\Building_Tomorrows_Church_Orthodox_Parenting2 (hrlocDBARBAT-D1's conflicted copy 2011-10-21)
[2011/10/21 19:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\TechSmith
[2011/10/21 19:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Camtasia Studio
[2011/10/21 19:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/10/21 19:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
[2011/10/21 19:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/10/21 19:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/10/21 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2011/10/21 19:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Bluetooth Software
[2011/10/21 19:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Bluetooth Exchange Folder
[2011/10/21 09:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\Click Bump
[2011/10/17 14:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\French Class
[2011/10/14 08:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\My Documents\My Widgets
[2011/10/14 08:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user1\Local Settings\Application Data\Yahoo
[2011/10/14 08:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
[2011/10/14 08:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 20:44:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/10 20:42:49 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765UA.job
[2011/11/10 20:42:23 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/10 20:33:26 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 20:32:42 | 000,425,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EMcGxdUaDTp.exe
[2011/11/10 20:27:14 | 000,467,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/10 20:27:14 | 000,087,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/10 20:20:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 20:20:30 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 20:19:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 18:31:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/10 17:49:03 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/10 15:58:00 | 000,498,688 | ---- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe
[2011/11/10 13:50:04 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/10 10:40:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4027829005-1107895287-290554039-19765Core.job
[2011/11/09 11:58:12 | 000,009,446 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2011/11/09 10:41:49 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Word 2007.lnk
[2011/11/08 21:37:55 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/08 13:32:26 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/11/08 12:50:35 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel 2007.lnk
[2011/11/08 09:25:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ic.ini
[2011/11/08 09:21:59 | 000,001,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Impossible Creatures.lnk
[2011/11/07 09:42:30 | 000,068,928 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/04 20:25:54 | 000,337,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 20:22:07 | 000,652,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/04 19:53:37 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 4.lnk
[2011/11/04 19:31:05 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SONAR X1 Producer.lnk
[2011/11/04 16:50:10 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/04 16:50:10 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/11/04 12:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/03 09:59:04 | 001,964,042 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\RichDadCancel.pdf
[2011/11/02 21:13:07 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/11/02 21:13:07 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/11/02 14:28:19 | 002,017,652 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\chicago blues g.mp3
[2011/11/01 11:40:38 | 000,030,077 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\_102411.pdf
[2011/10/25 11:51:07 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/25 11:14:45 | 034,592,295 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\racter_policemansbeard[1].pdf
[2011/10/25 09:08:39 | 000,003,295 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\wp-config.php
[2011/10/25 09:04:10 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\index.php
[2011/10/25 08:36:30 | 000,005,252 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\sitemap.xml
[2011/10/24 14:35:33 | 000,000,269 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\preview.reg
[2011/10/24 14:34:36 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\REGEDIT4.reg
[2011/10/24 09:38:50 | 182,892,964 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Parenting presentation_StConstantineand Helen_102211.camrec
[2011/10/23 08:55:30 | 000,000,053 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\google3982f3f06bcdfc58.html
[2011/10/22 12:51:18 | 000,001,270 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/10/22 12:32:38 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 09:39:33 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\user1\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/10/21 19:42:12 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/10/14 08:37:29 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\user1\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2011/10/13 11:37:19 | 000,164,381 | ---- | M] () -- C:\Documents and Settings\user1\My Documents\4bato.pdf
[5 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/10 19:12:16 | 000,425,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EMcGxdUaDTp.exe
[2011/11/10 18:31:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MBR.dat
[2011/11/08 21:29:52 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/08 20:44:01 | 000,139,552 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\DSC06398.JPG
[2011/11/08 20:43:56 | 000,144,338 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\DSC06385.JPG
[2011/11/08 09:25:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ic.ini
[2011/11/08 09:21:59 | 000,001,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Impossible Creatures.lnk
[2011/11/04 19:53:37 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Guitar Rig 4.lnk
[2011/11/04 19:31:05 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SONAR X1 Producer.lnk
[2011/11/04 16:50:10 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/11/04 16:50:10 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/11/04 16:49:54 | 000,000,240 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/04 16:43:58 | 629,145,600 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\MMM-16.iso
[2011/11/03 09:59:04 | 001,964,042 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\RichDadCanc.pdf
[2011/11/02 21:13:07 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/11/02 21:13:07 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/11/02 14:28:09 | 002,017,652 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\chicago blues g.mp3
[2011/10/25 11:14:32 | 034,592,295 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\racter_policemansbeard[1].pdf
[2011/10/25 09:04:10 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\index.php
[2011/10/25 08:36:30 | 000,005,252 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\sitemap.xml
[2011/10/25 08:32:38 | 000,003,295 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\wp-config.php
[2011/10/25 08:16:15 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/24 17:55:53 | 000,030,077 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\D_102411.pdf
[2011/10/24 14:35:31 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\preview.reg
[2011/10/24 14:34:36 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\REGEDIT4.reg
[2011/10/23 08:55:25 | 000,000,053 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\google3982f3f06bcdfc58.html
[2011/10/22 12:51:18 | 000,001,270 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk
[2011/10/22 10:35:00 | 182,892,964 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Parenting presentation_StConstantineand Helen_102211.camrec
[2011/10/21 19:44:50 | 000,002,483 | ---- | C] () -- C:\Documents and Settings\user1\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011/10/21 19:42:12 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2011/10/14 08:37:29 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\user1\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2011/10/13 11:37:19 | 000,164,381 | ---- | C] () -- C:\Documents and Settings\user1\My Documents\ato.pdf
[2011/09/20 11:19:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/15 16:08:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/15 16:08:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/15 16:08:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/15 16:08:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/15 16:08:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 10:24:44 | 000,186,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/22 20:45:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 13:55:52 | 000,314,070 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/14 10:34:14 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/12/14 10:34:14 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/12/01 13:21:43 | 000,010,579 | ---- | C] () -- C:\WINDOWS\cfgwtp.ini
[2010/07/16 14:30:12 | 000,000,205 | ---- | C] () -- C:\WINDOWS\Hop.ini
[2010/07/14 11:49:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user1\Application Data\winscp.rnd
[2010/07/09 13:55:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/06/15 13:52:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/05/18 12:44:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\ERK.INI
[2010/03/29 08:12:32 | 000,003,530 | ---- | C] () -- C:\Documents and Settings\user1\Local Settings\Application Data\springsettings.cfg
[2010/01/22 14:19:21 | 000,000,571 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2010/01/22 14:15:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2010/01/22 14:15:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2010/01/22 14:15:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2010/01/22 14:15:31 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2010/01/22 14:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2010/01/22 14:15:29 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2010/01/22 14:15:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2010/01/22 14:15:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2010/01/22 14:15:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2010/01/22 14:15:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2010/01/22 14:15:22 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/12/31 15:07:02 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/12/31 15:07:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/12/10 18:47:59 | 000,068,928 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/27 13:50:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/06/27 13:47:28 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/06/27 13:47:28 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/06/27 13:47:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/06/27 13:47:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/06/27 00:06:22 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/06/27 00:06:22 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/06/27 00:06:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/06/24 10:03:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009/06/01 16:23:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/28 11:21:58 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2009/05/15 17:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2009/05/15 17:17:19 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/05/07 13:16:20 | 000,009,446 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2009/05/07 01:46:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/05/07 01:46:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/05/07 01:46:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/05/07 01:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/05/07 01:46:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/04/23 06:56:40 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/04/23 06:56:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2009/04/23 06:56:38 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/03/19 02:53:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe
[2009/03/19 02:52:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/01/05 07:27:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/01/05 07:27:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/05 07:27:07 | 000,158,080 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/01/05 07:25:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/12/30 06:45:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 06:45:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 06:45:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 06:45:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 06:45:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/20 07:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/17 21:03:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/17 20:59:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/17 16:55:48 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/17 16:54:36 | 000,337,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/17 09:36:53 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2008/10/17 09:33:04 | 000,029,728 | ---- | C] () -- C:\WINDOWS\System32\raddrv.dll
[2008/10/17 09:29:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 09:25:30 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/17 09:22:46 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2008/10/17 09:22:46 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2008/10/17 09:22:46 | 000,020,533 | ---- | C] () -- C:\WINDOWS\System32\cwbunplp.exe
[2008/10/17 09:22:46 | 000,020,528 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2008/10/17 09:22:46 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2008/10/17 09:22:46 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2008/10/17 09:22:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.sys
[2008/10/17 09:22:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2008/10/17 09:22:45 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2008/10/17 08:32:40 | 000,457,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/17 08:31:05 | 000,008,636 | ---- | C] () -- C:\WINDOWS\modifyPE.exe
[2008/10/17 08:31:04 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/10/17 08:31:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\cabarc.exe
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/18 16:44:34 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 03:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/23 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 06:00:00 | 000,467,832 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 06:00:00 | 000,087,716 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 06:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2001/08/23 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/13 14:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/11/04 19:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/12/31 15:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/12/10 15:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DS Development
[2011/11/04 19:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/04/10 21:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/17 15:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2009/05/28 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2011/10/21 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/11/10 14:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/08 17:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TmForever
[2009/05/07 01:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/11/04 19:51:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2011/09/19 15:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 14:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/04 19:53:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/11/04 19:50:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2010/09/21 11:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\.minecraft
[2009/12/07 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Amazon
[2011/11/04 19:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Cakewalk
[2008/10/17 09:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Canneverbe_Limited
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DriverCure
[2011/11/10 20:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Dropbox
[2009/12/10 15:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\DS Development
[2011/11/10 09:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\emf
[2011/11/04 17:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ImgBurn
[2011/04/04 09:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Immunet
[2009/06/01 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\InterVideo
[2010/12/29 10:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Jeskola
[2009/12/10 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\MAPILab Ltd
[2010/12/02 19:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\OnLive App
[2011/04/10 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\ParetoLogic
[2011/01/21 22:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\PriceGong
[2011/09/23 10:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\redsn0w
[2009/05/18 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Software
[2010/03/29 08:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\springsettings
[2010/07/14 11:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\SSH
[2010/12/21 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\TeamViewer
[2010/12/14 10:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Ubisoft
[2011/11/10 20:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\uTorrent
[2011/11/02 21:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Voxatron
[2011/04/24 13:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\wargaming.net
[2010/04/05 12:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\WarZone
[2011/09/30 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\webex
[2010/08/23 12:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Desktop Search
[2010/08/23 13:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Windows Search
[2011/03/15 13:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Wizards of the Coast
[2011/03/25 10:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user1\Application Data\Xtranormal
[2011/11/10 20:49:06 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Maxihup and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [reCNnSpMgbpW.exe] C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe (Recover Inc)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\AutoRun\command - "" = E:\DRIVE\file.exe
    O33 - MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\Shell\open\command - "" = E:\DRIVE\file.exe
    [2011/11/10 15:43:18 | 000,498,688 | ---- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe
    [2011/11/10 20:32:42 | 000,425,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EMcGxdUaDTp.exe
    [2011/11/10 15:58:00 | 000,498,688 | ---- | M] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post
  • 0
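A small parser for the OTL log format shown in the first post, added here as an example and not part of OTL or of maliprog's fix. It reads the file lines of the shape `[date | size | attrs | C/M] (company) -- path` and the `@Alternate Data Stream` lines, then flags the kinds of entries the fix above removed: recently created executables dropped straight into `All Users\Application Data`, and alternate data streams on that folder. The sample lines are copied from the thread's log; the 7-day window, the case-change heuristic for random-looking names and the `SCAN_TIME` constant (taken from the OTL header's run time) are my assumptions.

```python
import re
from datetime import datetime, timedelta

# OTL file/folder line, e.g.
# [2011/11/10 15:43:18 | 000,498,688 | ---- | C] (Recover Inc) -- C:\...\reCNnSpMgbpW.exe
# The "(company)" part is absent on LOP Check lines, so it is optional here.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# OTL alternate data stream line, e.g.
# @Alternate Data Stream - 238 bytes -> C:\...\TEMP:D282699C
OTL_ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

# Constructed sample built from lines that appear in the thread's OTL log and fix.
SAMPLE_LOG = r"""
[2008/10/17 09:25:30 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/10 15:43:18 | 000,498,688 | ---- | C] (Recover Inc) -- C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe
[2011/11/10 20:32:42 | 000,425,304 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\EMcGxdUaDTp.exe
[2011/11/04 19:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
"""

# Run time from the OTL header in the first post (11/10/2011 8:21:16 PM).
SCAN_TIME = datetime(2011, 11, 10, 20, 21, 16)
# Assumption: an .exe dropped directly into the XP ProgramData root this recently is
# worth a look; installers rarely leave executables there.
ALL_USERS_APPDATA = r"c:\documents and settings\all users\application data"
RECENT = timedelta(days=7)


def parse_otl(text):
    """Turn OTL file and ADS lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line)
        if m:
            entries.append({
                "type": "file",
                "timestamp": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "is_dir": "D" in m["attrs"],
                "hidden": "H" in m["attrs"],
                "kind": m["kind"],            # C = created, M = modified
                "company": m["company"] or "",
                "path": m["path"],
            })
            continue
        m = OTL_ADS_RE.match(line)
        if m:
            entries.append({"type": "ads", "size": int(m["size"]),
                            "path": m["path"], "stream": m["stream"]})
    return entries


def case_changes(name):
    """Count upper/lower transitions; random-looking names like reCNnSpMgbpW score high."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def suspicious(entries, scan_time):
    """Return (path, reason) pairs for entries worth reviewing."""
    findings = []
    for e in entries:
        if e["type"] == "ads":
            findings.append((e["path"] + ":" + e["stream"],
                             "alternate data stream (%d bytes)" % e["size"]))
            continue
        if e["is_dir"]:
            continue
        parent, _, name = e["path"].rpartition("\\")
        if parent.lower() == ALL_USERS_APPDATA and name.lower().endswith(".exe") \
                and abs(scan_time - e["timestamp"]) <= RECENT:
            reason = "recent .exe directly in All Users\\Application Data"
            if case_changes(name.rsplit(".", 1)[0]) >= 5:
                reason += ", random-looking name"
            findings.append((e["path"], reason))
    return findings


def analyze_thread_sample():
    """Run the heuristics over the constructed sample above."""
    return suspicious(parse_otl(SAMPLE_LOG), SCAN_TIME)


if __name__ == "__main__":
    for path, reason in analyze_thread_sample():
        print(path, "->", reason)
```

Run against the sample it reports the two executables maliprog moved and the stream on the TEMP folder, and stays quiet about the System32 file and the Cakewalk folder.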

#3
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Ran fix above in OTL. Rebooted as needed and had explorer freeze upon saving log and had to reboot. Here is the log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\reCNnSpMgbpW.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\ not found.
File E:\DRIVE\file.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c52f558-81e7-11de-9e82-0022fa93e9b0}\ not found.
File E:\DRIVE\file.exe not found.
File C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe not found.
C:\Documents and Settings\All Users\Application Data\EMcGxdUaDTp.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\reCNnSpMgbpW.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\user1\Desktop\virus\cmd.bat deleted successfully.
C:\Documents and Settings\user1\Desktop\virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: user1
->Temp folder emptied: 666007749 bytes
->Temporary Internet Files folder emptied: 62283359 bytes
->Java cache emptied: 1231063 bytes
->Apple Safari cache emptied: 18544640 bytes
->Flash cache emptied: 95642 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 685958 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 465135108 bytes
->Java cache emptied: 196863 bytes
->Flash cache emptied: 44987 bytes

User: selfhelp
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 192640 bytes
Windows Temp folder emptied: 35095903 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1502050639 bytes

Total Files Cleaned = 2,624.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 11112011_082720

Files\Folders moved on Reboot...
C:\Documents and Settings\user1\Local Settings\Temp\ExchangePerflog_8484fa314942f669ddcd67da.dat moved successfully.
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DF98D9.tmp not found!
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DF99E7.tmp not found!
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DF9BBD.tmp not found!
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DF9CD2.tmp not found!
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DFA459.tmp not found!
File\Folder C:\Documents and Settings\user1\Local Settings\Temp\~DFA6EB.tmp not found!
C:\Documents and Settings\user1\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Has many issues on reboot. Freezes, no programs opening etc. Finally got MbAM to work after 4 reboots. Updated and scanned. Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8139

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/11/2011 9:56:01 AM
mbam-log-2011-11-11 (09-56-01).txt

Scan type: Quick scan
Objects scanned: 206592
Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\6to4ex.dll (Trojan.Agent) -> Delete on reboot.
  • 0

#5
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Still not running right. No programs run. Can't do anything.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Maxihup,

Let's take a deeper scan and see what is going on.

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • Combofix log
It would be helpful if you could post each log in a separate post
  • 0

#7
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
There is about a 30 second window when my computer first boots up that I can run a program in (safe mode does not do this same thing). After that it locks up hard and clicks do nothing.

Tried to run TDSSKiller and get the message 'program too big to fit into memory'

Tried TDSSKiller in safe mode and get the same thing...
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Maxihup,

Please try to run aswMBR or Combofix. If you manage to run either of them please post logs for me. Try to run them in safe mode too.
  • 0

#9
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Would only boot into safe mode.

Running aswMBR.exe


Just scanned, did not fix.

Log below

Had to email the log to myself (using my desktop to post, virus is on my laptop)


Getting www.windowslivetechsupport.com popups in IE.


aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-11-10 18:27:06
-----------------------------
18:27:06.296 OS Version: Windows 5.1.2600 Service Pack 3
18:27:06.296 Number of processors: 2 586 0x170A
18:27:06.296 ComputerName: L1 UserName: user1
18:27:39.125 Initialize success
18:28:23.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:28:23.296 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
18:28:23.390 Disk 0 MBR read successfully
18:28:23.390 Disk 0 MBR scan
18:28:23.406 Disk 0 Windows XP default MBR code
18:28:23.406 Disk 0 MBR hidden
18:28:23.468 Disk 0 scanning sectors +312581792
18:28:23.640 Disk 0 scanning C:\WINDOWS\system32\drivers
18:28:34.234 File: C:\WINDOWS\system32\drivers\ati2mtag.sys **SUSPICIOUS**
18:28:42.750 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
18:29:22.671 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
18:30:26.296 Service scanning
18:30:33.984 Disk 0 trace - called modules:
18:30:34.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x881b1f10]<<
18:30:34.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e75ab8]
18:30:34.031 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x88ce9f08]
18:30:34.031 \Driver\00003327[0x8919e4f8] -> IRP_MJ_CREATE -> 0x881b1f10
18:30:34.031 Scan finished successfully
18:31:23.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
18:31:23.593 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"


aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-11-13 20:37:48
-----------------------------
20:37:48.859 OS Version: Windows 5.1.2600 Service Pack 3
20:37:48.859 Number of processors: 2 586 0x170A
20:37:48.859 ComputerName: L1 UserName: user1
20:38:09.875 Initialize success
20:38:19.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:38:19.187 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
20:38:19.234 Disk 0 MBR read successfully
20:38:19.234 Disk 0 MBR scan
20:38:19.250 Disk 0 Windows XP default MBR code
20:38:19.250 Disk 0 MBR hidden
20:38:19.281 Disk 0 scanning sectors +312581792
20:38:19.484 Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:27.343 File: C:\WINDOWS\system32\drivers\ati2mtag.sys **SUSPICIOUS**
20:38:37.000 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
20:39:13.109 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
20:39:57.859 Service scanning
20:40:03.250 Disk 0 trace - called modules:
20:40:03.296 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86a8af10]<<
20:40:03.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d2030]
20:40:03.343 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x86cc4f08]
20:40:03.375 \Driver\00000706[0x86ac4250] -> IRP_MJ_CREATE -> 0x86a8af10
20:40:03.421 Scan finished successfully
20:41:29.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
20:41:29.765 The log file has been been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"

Edited by Maxihup, 13 November 2011 - 08:55 PM.

  • 0

#10
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Ran combofix. Stops on:

Can't write c:32788R22FWJFW\NirScript.dat
  • 0


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Do you have a recovery partition on your laptop? A recovery partition is the part of the disk where the Windows installation is saved so you can restore your notebook to factory settings.

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

  • 0

#12
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Dunno if I have a recovery partition. If that needs to be done do I lose everything?

Here is the MBRCheck log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 127):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF74D7000 fltMgr.sys
0xF7607000 ohci1394.sys
0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 cmdide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 intelide.sys
0xF74B9000 pcmcia.sys
0xF7627000 MountMgr.sys
0xF749A000 ftdisk.sys
0xF7995000 dmload.sys
0xF7474000 dmio.sys
0xF770F000 PartMgr.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7637000 VolSnap.sys
0xF745C000 atapi.sys
0xF7B0F000 iaStor.sys
0xF7647000 disk.sys
0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF744A000 sr.sys
0xF740D000 PCTCore.sys
0xF7840000 pctDS.sys
0xBA75B000 pctEFA.sys
0xF7667000 PxHelp20.sys
0xBA6A4000 KSecDD.sys
0xBA691000 WudfPf.sys
0xBA604000 Ntfs.sys
0xBA5D7000 NDIS.sys
0xBA5BD000 Mup.sys
0xF7677000 agp440.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\HECI.sys
0xBA433000 \SystemRoot\system32\DRIVERS\e1y5132.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA40F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77F7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA3E7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA06F000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xBA05E000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xBA04A000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB9FF8000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7537000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7817000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9FC0000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7757000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA551000 \SystemRoot\system32\DRIVERS\tpm.sys
0xF7767000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xF7527000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7517000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7507000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9F9D000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA505000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA74B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA4F9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9EBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA71B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA6FB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB9EAD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA6DB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF775F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7777000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7787000 \SystemRoot\system32\DRIVERS\covpndrv.sys
0xB9E7D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9E60000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xB9E48000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xF79FF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9DEA000 \SystemRoot\system32\DRIVERS\update.sys
0xBA471000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9C31000 \SystemRoot\system32\DRIVERS\TM_CFW.sys
0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7557000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7999000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7AAC000 \SystemRoot\System32\Drivers\Null.SYS
0xF799D000 \SystemRoot\System32\Drivers\Beep.SYS
0xF771F000 \SystemRoot\System32\drivers\vga.sys
0xB9B2B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF79A1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF773F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF774F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA475000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB9AF8000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB9A9F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB9A77000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9A51000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9A2F000 \SystemRoot\System32\drivers\afd.sys
0xBA6EB000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB9A04000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB9C0D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA6CB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9B47000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA6BB000 \SystemRoot\system32\drivers\libusb0.sys
0xB9974000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA491000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB9F55000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9B7F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB9C19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB987C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9958000 \SystemRoot\System32\drivers\Dxapi.sys
0xF772F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A5B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB9874000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB8823000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9844000 \??\C:\DOCUME~1\user1\LOCALS~1\Temp\aswMBR.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 20):
0 System Idle Process
4 System
1348 C:\WINDOWS\system32\smss.exe
1404 csrss.exe
1428 C:\WINDOWS\system32\winlogon.exe
1472 C:\WINDOWS\system32\services.exe
1484 C:\WINDOWS\system32\lsass.exe
1644 C:\WINDOWS\system32\svchost.exe
1732 svchost.exe
264 C:\WINDOWS\system32\svchost.exe
280 svchost.exe
416 svchost.exe
860 C:\WINDOWS\explorer.exe
724 C:\WINDOWS\system32\ctfmon.exe
628 C:\32788R22FWJFW\iexplore.exe
3728 C:\Program Files\Internet Explorer\iexplore.exe
2676 C:\Program Files\Internet Explorer\iexplore.exe
2372 C:\WINDOWS\system32\taskmgr.exe
2216 C:\WINDOWS\system32\ping.exe
1292 C:\Documents and Settings\user1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9160827AS, Rev: 3.CMG

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
  • 0
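To show what the MBRCheck and aswMBR lines above are looking at, here is an added Python example (mine, not MBRCheck's or aswMBR's code) that parses one 512-byte MBR sector: it checks the 0x55AA boot signature, reads the four partition entries (an NTFS partition at LBA 63 lands at byte offset 0x7E00, the offset MBRCheck printed), hashes the boot-code area with SHA-1 the way MBRCheck prints a hash, and compares that hash against a known-good set to reproduce the "non-standard MBR" verdict. It also compares an OS-level read with a raw read of the same sector, which is how I read aswMBR's "MBR hidden" line. The boot code bytes, the partition geometry and the known-good hash set are constructed for the example; which bytes MBRCheck actually hashes is not stated in the thread, so the 440-byte code area is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # assumption: hash the code area before the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the code/disk-id
SIGNATURE = b"\x55\xAA"  # bytes 510-511 of a valid MBR

# Constructed stand-in for "standard" boot code (not real boot code), exactly 440 bytes.
CLEAN_BOOT_CODE = bytes(range(256)) + bytes(184)


def parse_mbr(sector):
    """Parse one MBR sector into signature flag, boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                      # 0x07 = NTFS
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,  # the offset MBRCheck prints
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def build_mbr(boot_code, partitions):
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


def classify(os_read, known_good_hashes, raw_read=None):
    """Return (parsed info, list of verdict strings) for the sector Windows shows us."""
    info = parse_mbr(os_read)
    verdicts = []
    if not info["signature_ok"]:
        verdicts.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_hashes:
        verdicts.append("boot code not in known-good set (non-standard MBR)")
    if raw_read is not None and raw_read != os_read:
        # aswMBR's "MBR hidden": the sector the OS hands back is not what is on disk
        verdicts.append("OS read differs from raw disk read (MBR hidden)")
    return info, verdicts


def demo():
    """Three scenarios: clean disk, patched boot code, and a patch the OS hides."""
    # Constructed geometry: one bootable NTFS partition starting at LBA 63.
    clean = build_mbr(CLEAN_BOOT_CODE, [(True, 0x07, 63, 312_581_729)])
    baseline = {parse_mbr(clean)["boot_code_sha1"]}
    patched = bytearray(clean)
    patched[0:4] = b"\xFF\xFF\xFF\xFF"   # constructed: first code bytes altered
    patched = bytes(patched)
    return {
        "clean": classify(clean, baseline, raw_read=clean),
        "patched": classify(patched, baseline, raw_read=patched),
        # the OS shows the clean sector while the raw read returns the patched one
        "hidden": classify(clean, baseline, raw_read=patched),
    }


if __name__ == "__main__":
    for name, (info, verdicts) in demo().items():
        print(name, info["boot_code_sha1"], verdicts or ["ok"])
```

The third scenario is the one that matters for this thread: the sector Windows returns hashes as clean, and only the comparison with a raw read shows that something sits between the OS and the disk. That is also why a file-level scanner like MBAM reported a single DLL while the machine kept locking up.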

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We won't do any Windows repair now. I just need to know that information about your system. Let's fix this.

Re-Run aswMBR

  • Click Scan
  • On completion of the scan
  • Click the FIXMBR button (DON'T press FIX button if it is enabled)
  • Save the log as before and post in your next reply

After this step please try to run TDSSKiller and post the log as I described before.
  • 0

#14
Maxihup

Maxihup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Scanned and ran FIXMBR. Here is the log. Should I reset before running TDSSKILLER?

aswMBR version 0.9.7.750 Copyright© 2011 AVAST Software
Run date: 2011-11-14 09:47:05
-----------------------------
09:47:05.734 OS Version: Windows 5.1.2600 Service Pack 3
09:47:05.734 Number of processors: 2 586 0x170A
09:47:05.734 ComputerName: L1 UserName: user1
09:47:40.203 Initialize success
09:47:58.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:47:58.187 Disk 0 Vendor: ST916082 3.CM Size: 152627MB BusType: 3
09:47:58.203 Disk 0 MBR read successfully
09:47:58.218 Disk 0 MBR scan
09:47:58.234 Disk 0 Windows XP default MBR code
09:47:58.250 Disk 0 MBR hidden
09:47:58.265 Disk 0 scanning sectors +312581792
09:47:58.375 Disk 0 scanning C:\WINDOWS\system32\drivers
09:47:59.234 File: C:\WINDOWS\system32\drivers\ati2mtag.sys **SUSPICIOUS**
09:48:00.312 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
09:48:05.140 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **SUSPICIOUS**
09:48:13.578 Service scanning
09:48:19.515 Disk 0 trace - called modules:
09:48:19.546 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86a8af10]<<
09:48:19.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d2030]
09:48:19.593 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x86cc4f08]
09:48:19.625 \Driver\00000706[0x86ac4250] -> IRP_MJ_CREATE -> 0x86a8af10
09:48:19.671 Scan finished successfully
09:48:50.656 Verifying
09:49:00.687 Disk 0 Windows 501 MBR fixed successfully
09:49:32.125 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
09:49:32.140 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"
09:50:00.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
09:50:00.687 The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBRmonday.txt"
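MBRCheck flagged the boot code above as faked by hashing it, and aswMBR saved the repaired sector to MBR.dat. The following is an added example, not code from this thread, from MBRCheck or from aswMBR: a small Python parser that validates a 512-byte MBR image, hashes its boot-code region (assumed here to be the first 440 bytes, before the disk signature) for comparison against a known-good hash set (the set shown is a placeholder assumption), and lists the partition entries so the C: offset 0x7E00 reported by MBRCheck can be cross-checked. The sample MBR is constructed inline.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # assumed boot-code region, ends before the disk signature at 0x1B8
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 0x55AA marks a valid MBR
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

# Placeholder assumption: real known-good hashes come from a trusted reference set,
# not from this thread (the SHA1 MBRCheck printed was for the faked boot code).
KNOWN_GOOD_BOOT_CODE_SHA1 = {"0000000000000000000000000000000000000000"}

def build_sample_mbr():
    """Constructed sample (not the user's MBR.dat): filler boot code, one bootable
    NTFS partition at LBA 63 (byte offset 0x7E00) and the 0x55AA signature."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = bytes(range(256)) + bytes(range(184))
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 312581745)  # sector count is a constructed value
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(mbr):
    """Validate a 512-byte MBR image and return its boot-code hash and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype == 0:           # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "byte_offset": lba * SECTOR})
    return {"boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "partitions": partitions}

def check_mbr(mbr, known_good=KNOWN_GOOD_BOOT_CODE_SHA1):
    """Flag boot code whose SHA1 is not in the known-good set (MBRCheck-style check)."""
    info = parse_mbr(mbr)
    info["boot_code_known"] = info["boot_code_sha1"] in {h.upper() for h in known_good}
    return info
```

To inspect a real dump, call `check_mbr(open("MBR.dat", "rb").read())` and compare the returned partition byte offsets with the drive mapping MBRCheck printed.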

#15
Maxihup

    Member

  • Topic Starter
  • Member
  • 64 posts
Have not rebooted yet.

Tried to run TDSSKiller and got 'Program too big to fit in memory'.

Edited by Maxihup, 14 November 2011 - 03:10 PM.

