Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Removed Virus now computer will not connect to the internet

Started by MikenAL , Dec 29 2011 06:15 PM

  • Please log in to reply

#1
MikenAL
Posted 29 December 2011 - 06:15 PM

MikenAL

    New Member

  • Member
  • Pip
  • 8 posts
Please help. My computer recently became infected with viruses and malware. It would re-direct me on websites when I tried to search for names of viruses, and take up CPU speed. After using a second computer and flash drive I removed a cloud a/v and ping.exe virus from my computer. I used forums to help with that. I installed the following programs to remove the viruses and malware:

Malware bytes' Anti-Malware
rkill
Ccleaner
Fix NCR.exe

After running these programs my computer seems to run normal without the memory being taken but it will not connect to the internet. I always receive the "IE cannot display the web page". After running the diagnose connection problems I receive problem with win sock provider catalog. A few hours ago I found a thread and performed the following:

Posted 30 September 2008 - 07:49 AM

try this...
TCP/IP stack repair options for use with Windows XP with SP2.
For these commands click on Start.... Run..... type in...CMD ....to open a command prompt box Reset WINSOCK entries to installation defaults...type in ... netsh winsock reset catalog .... press ...enter Reset TCP/IP stack to installation defaults...type in...... netsh int ip reset reset.log ... press ...enter
then...
Please go to the malware forum Start HERE....

That will help you clean up 80 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then start a new topic in the MALWARE FORUM forum here...
if your still having problems AFTER getting a all clean from the malware guys...post back here

This post has been edited by happyrock: 01 October 2008 - 05:51 AM


Now I get a message that tells me to contact the company that provides Windows XP product support. I have checked all connections, rebooted router, etc.

My system stats:
Windows XP SP3
McAfee

Below is my OTL:

OTL logfile created on: 12/29/2011 4:38:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.33% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 98.62 Gb Free Space | 66.17% Space Free | Partition Type: NTFS
Drive E: | 461.74 Mb Total Space | 421.71 Mb Free Space | 91.33% Space Free | Partition Type: FAT

Computer Name: HP25032670924 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/23 19:46:28 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 10:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 18:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2005/10/15 03:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/10/04 16:23:10 | 000,086,016 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2005/09/28 03:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/23 10:39:40 | 000,147,456 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
PRC - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2005/03/06 21:52:16 | 000,276,480 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe


========== Modules (No Company Name) ==========

MOD - [2009/10/23 17:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 10:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/07 19:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/22 15:31:56 | 000,856,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/03/03 12:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 13:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 13:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 10:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 10:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/03/17 10:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/28 03:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/28 03:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/28 03:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/28 03:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/28 03:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/28 03:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 03:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/23 16:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/07 07:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 07:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/04/07 23:25:34 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/04 15:21:36 | 000,065,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/01/07 12:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.att.net
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.att.net"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {efa37648-2754-4e3b-ad97-dc088c8805cd}:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111008&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54505
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Guffins.com/Plugin: C:\Program Files\GuffinsEI\Installr\1.bin\NPu4EISB.dll (Guffins)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Mike\Local Settings\Application Data\RobloxVersions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 16:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 14:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/12 13:46:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Move Networks [2009/12/01 13:17:35 | 000,000,000 | ---D | M]

[2009/09/26 09:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2011/11/27 17:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions
[2009/09/26 09:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 06:52:52 | 000,000,000 | ---D | M] (Outspark Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}
[2010/12/15 11:34:58 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]
[2011/10/08 06:52:58 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\searchplugins\bing-zugo.xml
[2009/09/26 09:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/01 13:17:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOVE NETWORKS
[2011/11/09 16:12:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/12/29 16:18:35 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111002152702.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Outspark Toolbar) - {efa37648-2754-4e3b-ad97-dc088c8805cd} - C:\Program Files\outsparktoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Outspark Toolbar) - {efa37648-2754-4e3b-ad97-dc088c8805cd} - C:\Program Files\outsparktoolbar\vmntemplateX.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MotiveReportAgent] C:\Program Files\Common Files\Motive\McciBootStrapper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe File not found
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.cartoonne...all/index.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bellsouth.net ([hometab] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240418678484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240490776671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0AFF4B2-6068-4E9F-BB7D-4DB05BEF876A}: DhcpNameServer = 192.168.1.254 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 16:37:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 16:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/29 16:18:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 16:23:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/29 16:23:24 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/12/29 16:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 16:20:38 | 2146,848,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 16:18:35 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/29 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/12/29 16:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/29 15:32:28 | 000,648,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:31:26 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/28 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/28 10:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/26 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/12/26 13:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/26 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/12/26 12:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/21 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/12/21 23:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/21 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/12/21 22:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/10 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/12/10 18:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/09 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/12/09 17:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/09 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/12/09 15:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/09 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/12/09 14:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/09 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/12/09 11:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/09 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/12/09 09:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/09 08:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/09 08:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/09 07:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/09 07:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/09 06:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/09 06:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/09 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/09 05:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/09 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/09 04:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/09 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/12/09 03:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/09 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/12/09 02:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/09 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/12/09 01:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/09 00:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/12/09 00:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/08 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/12/08 21:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/08 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/12/08 20:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/08 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/12/08 19:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/03 16:30:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/03 12:02:57 | 025,051,846 | ---- | M] () -- C:\BellSouthIW.re~
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 15:35:04 | 000,648,704 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:35:01 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/03 12:02:23 | 025,051,846 | ---- | C] () -- C:\BellSouthIW.re~
[2011/11/23 09:57:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EqYh3Yq.dat
[2011/10/08 08:47:41 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/10/08 08:47:41 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/02/10 00:14:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 09:34:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2010/01/31 13:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/11/14 15:13:40 | 000,074,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 14:06:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/26 09:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/05 12:50:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/02 17:29:37 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2009/05/02 15:26:35 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/02 15:26:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/04/23 06:22:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 11:26:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/22 11:24:46 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/22 11:22:13 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2009/04/22 11:22:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/22 11:20:42 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/22 11:10:05 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/22 11:03:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/22 11:02:52 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/22 11:02:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/22 11:02:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/22 11:01:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/04/22 10:50:47 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 19:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 19:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/29 15:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 14:44:34 | 000,465,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 14:44:34 | 000,079,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 14:40:44 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 14:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 14:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 14:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 14:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 14:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 15:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 15:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2011/11/27 20:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/06 11:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/18 17:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/02/13 20:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/10/08 06:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/14 13:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/04/27 07:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/14 14:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/02 16:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/12/03 12:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\74CD5
[2009/10/18 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Autodesk
[2011/11/23 09:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\EqqqhYXXwkVrlBx
[2011/11/23 10:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\eRL9gTTXqUekBr
[2011/11/23 09:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\g99hhTXXwjC
[2010/12/14 13:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\InterTrust
[2011/11/23 11:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\jNNyxA0uvS2bFpG
[2011/11/23 19:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\JZZ9hYXwkUVlBPy
[2011/11/23 09:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\kQQJJ6ddEKf
[2009/09/12 16:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2009/11/17 18:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\LEGO Company
[2011/11/23 09:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\nQQJJ7dEE8gR
[2011/11/23 10:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\oAA11vvD2bF
[2011/10/08 06:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\outsparktoolbar
[2011/11/23 11:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\P00ycAA1iD3n4m
[2011/11/23 19:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\p333onGQH6W7f9T
[2011/07/20 09:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Online Entertainment
[2011/11/23 19:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\TcSS1ivDonGamsK
[2010/01/01 20:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Unity
[2011/10/08 06:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\vmntemplate
[2009/05/02 17:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Windows Desktop Search
[2009/09/26 13:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Windows Search
[2011/11/23 19:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\XmmGG5QJ7dE8gZh
[2011/12/09 00:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/09 04:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/09 05:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/09 05:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/09 06:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/09 06:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/09 07:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/09 07:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/09 08:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/09 08:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/12/09 09:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/09 00:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/12/09 09:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/28 10:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/28 10:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/09 11:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/09 11:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/12/26 12:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/26 12:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2011/12/26 13:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/26 13:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2011/12/09 14:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/09 01:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/09 14:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2011/12/09 15:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/09 15:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2011/12/29 16:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/29 16:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2011/12/09 17:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/09 17:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2011/12/10 18:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/10 18:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2011/12/08 19:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/09 01:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/12/08 19:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2011/12/08 20:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/08 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2011/12/08 21:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/08 21:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/12/21 22:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/21 22:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/12/21 23:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/21 23:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2011/12/09 02:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/09 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/12/09 03:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/09 03:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/09 04:00:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 29 December 2011 - 10:58 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

Start, Run, cmd, OK. Type with an Enter after each line:

cd  \windows\tasks

del  AT*.job


sc  start  dhcp

Does this say it is already running?

NO=> 
sc  start  afd  
sc  start  netbt   
sc  start  tcpip
sc  start  ipsec
Which one doesn't say it is already running? Go to XXXX.

YES=>
ipconfig  /release

ipconfig  /renew

Do you get an error?

NO=> 
nslookup  att.com

Does it give you 2 ip addresses?

XXXX

If you did not run Combofix, TDSSKILLER and aswMBR before you need to run them now. rkill and mbam are not enough to really remove the malware:

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
MikenAL
Posted 30 December 2011 - 11:55 AM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, here is what I get when I did the following:

sc start dhcp
StartService Failed 1068:
The dependency service or group has failed to start

sc start afd
StartService Failed 1056:
An instance is already running

sc start netbt
StartService Failed 1056:
An instance is already running

sc start tcpip
StatService Failed 1075:
The dependency service does not exist or has been marked for deletion

sc start ipsec
StartService: OpenService Failed 1060:
The specified service does not exist as an installed service

ipconfig /release
Windows IP Configuration
An internal error occured: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to querry host name.

ipconfig /renew
Windows IP Configuration
An internal error occured: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to querry host name.

nslookup att.com
***Default services not available
Server: Unknown
Address: (it gave me an ip address)
**Unknown can't find att.com: No response from server

Here is the log file from ComboFix
During the process it told me that I had Rootkit.zerroaccess installed in the tcp/ip stack

ComboFix 11-12-29.05 - Mike 12/30/2011 11:15:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1470 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\searchplugins\bing-zugo.xml
c:\program files\GuffinsEI
c:\program files\GuffinsEI\Installr\1.bin\NPu4EISb.dll
c:\program files\GuffinsEI\Installr\1.bin\u4EIPlug.dll
c:\program files\LP
c:\program files\LP\7A67\79.tmp
c:\program files\LP\7A67\7F.tmp
c:\program files\LP\7A67\B.tmp
c:\windows\$NtUninstallKB46295$
c:\windows\$NtUninstallKB46295$\1906099531\@
c:\windows\$NtUninstallKB46295$\1906099531\bckfg.tmp
c:\windows\$NtUninstallKB46295$\1906099531\cfg.ini
c:\windows\$NtUninstallKB46295$\1906099531\Desktop.ini
c:\windows\$NtUninstallKB46295$\1906099531\keywords
c:\windows\$NtUninstallKB46295$\1906099531\kwrd.dll
c:\windows\$NtUninstallKB46295$\1906099531\L\nnznorar
c:\windows\$NtUninstallKB46295$\1906099531\lsflt7.ver
c:\windows\$NtUninstallKB46295$\1906099531\U\00000001.@
c:\windows\$NtUninstallKB46295$\1906099531\U\00000002.@
c:\windows\$NtUninstallKB46295$\1906099531\U\00000004.@
c:\windows\$NtUninstallKB46295$\1906099531\U\80000000.@
c:\windows\$NtUninstallKB46295$\1906099531\U\80000004.@
c:\windows\$NtUninstallKB46295$\1906099531\U\80000032.@
c:\windows\$NtUninstallKB46295$\3386358952
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{088D3F8A-9DB5-46AF-94A3-35E294E1B7ED}\1033.MST
c:\windows\Downloaded Installations\BMP\{088D3F8A-9DB5-46AF-94A3-35E294E1B7ED}\BMP.msi
F:\autorun.inf
F:\setup.exe
.
c:\windows\system32\drivers\ipsec.sys was missing
Restored copy from - c:\windows\system32\dllcache\ipsec.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-12-29 22:18 . 2011-12-29 22:19 -------- d-----w- C:\ERDNT
2011-12-03 17:54 . 2011-12-03 17:54 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2004-08-04 07:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 19:01 . 2011-10-02 20:27 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{efa37648-2754-4e3b-ad97-dc088c8805cd}]
2011-08-25 17:01 81920 ----a-w- c:\program files\outsparktoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{efa37648-2754-4e3b-ad97-dc088c8805cd}"= "c:\program files\outsparktoolbar\vmntemplateX.dll" [2011-08-25 81920]
.
[HKEY_CLASSES_ROOT\clsid\{efa37648-2754-4e3b-ad97-dc088c8805cd}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-08 3077528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10284:UDP"= 10284:UDP:Xbox
"10280:UDP"= 10280:UDP:Xbox
"10282:UDP"= 10282:UDP:Xbox
"10281:UDP"= 10281:UDP:Xbox
"56907:TCP"= 56907:TCP:Pando Media Booster
"56907:UDP"= 56907:UDP:Pando Media Booster
"57691:TCP"= 57691:TCP:Pando Media Booster
"57691:UDP"= 57691:UDP:Pando Media Booster
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/2/2011 2:26 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 6:02 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/27/2011 3:02 PM 366152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 2:26 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 2:26 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/2/2011 2:26 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [10/2/2011 2:27 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/2/2011 2:11 PM 148520]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/22/2009 11:24 AM 476160]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/2/2011 2:26 PM 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/27/2011 3:02 PM 22216]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/2/2011 2:26 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/2/2011 2:26 PM 88736]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/2/2011 2:26 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/2/2011 2:26 PM 84488]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 1:56 AM 14336]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: bellsouth.net\hometab
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z142&form=ZGAADF&install_date=20111008&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Mike\Application Data\Move Networks
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: OutsparkToolbar: {efa37648-2754-4e3b-ad97-dc088c8805cd} - %profile%\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
AddRemove-{318104DC-937D-4DF8-8E15-123B5C21D7A2} - c:\program files\InstallShield Installation Information\{318104DC-937D-4DF8-8E15-123B5C21D7A2}\setup.exe
AddRemove-{A9E27FF5-6294-46A8-B8FD-77B1DECA3021} - c:\program files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 11:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Motive\BellSouthBrowser.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-30 11:37:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 17:37
.
Pre-Run: 105,789,464,576 bytes free
Post-Run: 107,030,093,824 bytes free
.
- - End Of File - - CC5A8962244EEE2CB5DEA4CCAFECFC14


Here is the TDSS log

11:47:11.0260 2404 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:47:11.0572 2404 ============================================================
11:47:11.0572 2404 Current date / time: 2011/12/30 11:47:11.0572
11:47:11.0572 2404 SystemInfo:
11:47:11.0572 2404
11:47:11.0572 2404 OS Version: 5.1.2600 ServicePack: 3.0
11:47:11.0572 2404 Product type: Workstation
11:47:11.0572 2404 ComputerName: HP25032670924
11:47:11.0572 2404 UserName: Mike
11:47:11.0572 2404 Windows directory: C:\WINDOWS
11:47:11.0572 2404 System windows directory: C:\WINDOWS
11:47:11.0572 2404 Processor architecture: Intel x86
11:47:11.0572 2404 Number of processors: 2
11:47:11.0572 2404 Page size: 0x1000
11:47:11.0572 2404 Boot type: Normal boot
11:47:11.0572 2404 ============================================================
11:47:20.0213 2404 Initialize success
11:47:29.0010 3276 ============================================================
11:47:29.0010 3276 Scan started
11:47:29.0010 3276 Mode: Manual;
11:47:29.0010 3276 ============================================================
11:47:29.0447 3276 Abiosdsk - ok
11:47:29.0447 3276 abp480n5 - ok
11:47:29.0494 3276 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
11:47:29.0494 3276 ac97intc - ok
11:47:29.0541 3276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:47:29.0541 3276 ACPI - ok
11:47:29.0556 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:47:29.0556 3276 ACPIEC - ok
11:47:29.0572 3276 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:47:29.0572 3276 adpu160m - ok
11:47:29.0572 3276 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
11:47:29.0588 3276 adpu320 - ok
11:47:29.0603 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:47:29.0603 3276 aec - ok
11:47:29.0650 3276 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:47:29.0650 3276 AFD - ok
11:47:29.0650 3276 Aha154x - ok
11:47:29.0666 3276 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:47:29.0666 3276 aic78u2 - ok
11:47:29.0697 3276 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:47:29.0697 3276 aic78xx - ok
11:47:29.0713 3276 AliIde - ok
11:47:29.0713 3276 amsint - ok
11:47:29.0728 3276 asc - ok
11:47:29.0744 3276 asc3350p - ok
11:47:29.0744 3276 asc3550 - ok
11:47:29.0760 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:47:29.0760 3276 AsyncMac - ok
11:47:29.0775 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:47:29.0775 3276 atapi - ok
11:47:29.0791 3276 Atdisk - ok
11:47:29.0869 3276 ati2mtag (7f629e438fdaece5de0069b753b3e767) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:47:29.0869 3276 ati2mtag - ok
11:47:29.0900 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:47:29.0900 3276 Atmarpc - ok
11:47:29.0916 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:47:29.0916 3276 audstub - ok
11:47:29.0931 3276 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:47:29.0947 3276 b57w2k - ok
11:47:29.0947 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:47:29.0947 3276 Beep - ok
11:47:29.0978 3276 Blfp (7f72473390feee312a66af045c8ef0f6) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
11:47:29.0978 3276 Blfp - ok
11:47:29.0994 3276 catchme - ok
11:47:29.0994 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:47:29.0994 3276 cbidf2k - ok
11:47:30.0010 3276 cd20xrnt - ok
11:47:30.0025 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:47:30.0025 3276 Cdaudio - ok
11:47:30.0041 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:47:30.0041 3276 Cdfs - ok
11:47:30.0056 3276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:47:30.0056 3276 Cdrom - ok
11:47:30.0088 3276 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
11:47:30.0088 3276 cfwids - ok
11:47:30.0103 3276 Changer - ok
11:47:30.0119 3276 CmdIde - ok
11:47:30.0135 3276 Cpqarray - ok
11:47:30.0150 3276 dac2w2k - ok
11:47:30.0150 3276 dac960nt - ok
11:47:30.0166 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:47:30.0166 3276 Disk - ok
11:47:30.0213 3276 DLABOIOM (9209f9f9d11d8cce6e70dfab46121776) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:47:30.0213 3276 DLABOIOM - ok
11:47:30.0228 3276 DLACDBHM (8d45ac148fd8c1a25204aeca1397fa7e) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:47:30.0228 3276 DLACDBHM - ok
11:47:30.0228 3276 DLADResN (84e8cd1b2ff95820fda0b56133ae8345) C:\WINDOWS\system32\DLA\DLADResN.SYS
11:47:30.0228 3276 DLADResN - ok
11:47:30.0260 3276 DLAIFS_M (5745f6c87059f3c5780f865b6f77574f) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:47:30.0260 3276 DLAIFS_M - ok
11:47:30.0260 3276 DLAOPIOM (a250df82edaac6d57f591295f7582b74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:47:30.0275 3276 DLAOPIOM - ok
11:47:30.0275 3276 DLAPoolM (2583c82a8999523a8f056b040b3dee3d) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:47:30.0275 3276 DLAPoolM - ok
11:47:30.0291 3276 DLARTL_N (94accf8f7b87fbeaa27266927319e6ba) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:47:30.0291 3276 DLARTL_N - ok
11:47:30.0306 3276 DLAUDFAM (0e4a62d06f3e017488f037d053aba754) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:47:30.0306 3276 DLAUDFAM - ok
11:47:30.0322 3276 DLAUDF_M (e2306cc8e7a1c62ee7c2352143128520) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:47:30.0322 3276 DLAUDF_M - ok
11:47:30.0369 3276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:47:30.0385 3276 dmboot - ok
11:47:30.0416 3276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:47:30.0416 3276 dmio - ok
11:47:30.0431 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:47:30.0431 3276 dmload - ok
11:47:30.0463 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:47:30.0463 3276 DMusic - ok
11:47:30.0478 3276 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:47:30.0478 3276 dpti2o - ok
11:47:30.0494 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:47:30.0494 3276 drmkaud - ok
11:47:30.0494 3276 DRVMCDB (ab6c5c26fff9b3c456aeaf7e0093c2fe) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:47:30.0510 3276 DRVMCDB - ok
11:47:30.0510 3276 DRVNDDM (4a307ade1638d9358b6eb90076481cc6) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:47:30.0510 3276 DRVNDDM - ok
11:47:30.0525 3276 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:47:30.0525 3276 E100B - ok
11:47:30.0541 3276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:47:30.0556 3276 Fastfat - ok
11:47:30.0556 3276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:47:30.0572 3276 Fdc - ok
11:47:30.0588 3276 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:47:30.0588 3276 Fips - ok
11:47:30.0588 3276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:47:30.0588 3276 Flpydisk - ok
11:47:30.0635 3276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:47:30.0635 3276 FltMgr - ok
11:47:30.0635 3276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:47:30.0635 3276 Fs_Rec - ok
11:47:30.0650 3276 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:47:30.0650 3276 Ftdisk - ok
11:47:30.0666 3276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:47:30.0681 3276 GEARAspiWDM - ok
11:47:30.0713 3276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:47:30.0713 3276 Gpc - ok
11:47:30.0728 3276 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
11:47:30.0744 3276 HdAudAddService - ok
11:47:30.0760 3276 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:47:30.0760 3276 HDAudBus - ok
11:47:30.0775 3276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:47:30.0775 3276 HidUsb - ok
11:47:30.0791 3276 hpn - ok
11:47:30.0822 3276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:47:30.0822 3276 HTTP - ok
11:47:30.0838 3276 i2omgmt - ok
11:47:30.0853 3276 i2omp - ok
11:47:30.0869 3276 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:47:30.0869 3276 i8042prt - ok
11:47:30.0900 3276 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
11:47:30.0900 3276 i81x - ok
11:47:30.0931 3276 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
11:47:30.0931 3276 iAimFP0 - ok
11:47:30.0947 3276 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
11:47:30.0947 3276 iAimFP1 - ok
11:47:30.0947 3276 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
11:47:30.0947 3276 iAimFP2 - ok
11:47:30.0963 3276 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
11:47:30.0963 3276 iAimFP3 - ok
11:47:30.0978 3276 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
11:47:30.0978 3276 iAimFP4 - ok
11:47:30.0994 3276 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
11:47:30.0994 3276 iAimFP5 - ok
11:47:30.0994 3276 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
11:47:30.0994 3276 iAimFP6 - ok
11:47:31.0010 3276 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
11:47:31.0010 3276 iAimFP7 - ok
11:47:31.0025 3276 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
11:47:31.0025 3276 iAimTV0 - ok
11:47:31.0025 3276 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
11:47:31.0025 3276 iAimTV1 - ok
11:47:31.0041 3276 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
11:47:31.0041 3276 iAimTV3 - ok
11:47:31.0056 3276 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
11:47:31.0056 3276 iAimTV4 - ok
11:47:31.0056 3276 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
11:47:31.0072 3276 iAimTV5 - ok
11:47:31.0072 3276 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
11:47:31.0072 3276 iAimTV6 - ok
11:47:31.0103 3276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:47:31.0103 3276 Imapi - ok
11:47:31.0119 3276 ini910u - ok
11:47:31.0244 3276 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:47:31.0260 3276 IntcAzAudAddService - ok
11:47:31.0306 3276 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:47:31.0306 3276 IntelIde - ok
11:47:31.0338 3276 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:47:31.0338 3276 intelppm - ok
11:47:31.0353 3276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:47:31.0353 3276 Ip6Fw - ok
11:47:31.0385 3276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:47:31.0385 3276 IpFilterDriver - ok
11:47:31.0400 3276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:47:31.0416 3276 IpInIp - ok
11:47:31.0431 3276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:47:31.0431 3276 IpNat - ok
11:47:31.0478 3276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:47:31.0478 3276 IPSec - ok
11:47:31.0494 3276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:47:31.0494 3276 IRENUM - ok
11:47:31.0525 3276 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:47:31.0525 3276 isapnp - ok
11:47:31.0541 3276 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:47:31.0541 3276 Kbdclass - ok
11:47:31.0556 3276 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:47:31.0556 3276 kbdhid - ok
11:47:31.0572 3276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:47:31.0572 3276 kmixer - ok
11:47:31.0588 3276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:47:31.0603 3276 KSecDD - ok
11:47:31.0603 3276 lbrtfdc - ok
11:47:31.0650 3276 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
11:47:31.0650 3276 MBAMProtector - ok
11:47:31.0666 3276 MBAMSwissArmy - ok
11:47:31.0728 3276 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
11:47:31.0728 3276 mfeapfk - ok
11:47:31.0775 3276 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
11:47:31.0775 3276 mfeavfk - ok
11:47:31.0775 3276 mfeavfk01 - ok
11:47:31.0806 3276 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
11:47:31.0806 3276 mfebopk - ok
11:47:31.0822 3276 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
11:47:31.0822 3276 mfefirek - ok
11:47:31.0838 3276 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
11:47:31.0853 3276 mfehidk - ok
11:47:31.0885 3276 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:47:31.0885 3276 mfendisk - ok
11:47:31.0885 3276 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
11:47:31.0885 3276 mfendiskmp - ok
11:47:31.0900 3276 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
11:47:31.0900 3276 mferkdet - ok
11:47:31.0916 3276 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
11:47:31.0916 3276 mfetdi2k - ok
11:47:31.0947 3276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:47:31.0947 3276 mnmdd - ok
11:47:31.0978 3276 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:47:31.0978 3276 Modem - ok
11:47:32.0010 3276 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:47:32.0010 3276 Mouclass - ok
11:47:32.0025 3276 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:47:32.0025 3276 mouhid - ok
11:47:32.0041 3276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:47:32.0041 3276 MountMgr - ok
11:47:32.0041 3276 mraid35x - ok
11:47:32.0119 3276 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
11:47:32.0119 3276 MREMP50 - ok
11:47:32.0150 3276 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
11:47:32.0150 3276 MREMPR5 - ok
11:47:32.0166 3276 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
11:47:32.0166 3276 MRENDIS5 - ok
11:47:32.0181 3276 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
11:47:32.0181 3276 MRESP50 - ok
11:47:32.0197 3276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:47:32.0197 3276 MRxDAV - ok
11:47:32.0244 3276 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:47:32.0244 3276 MRxSmb - ok
11:47:32.0275 3276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:47:32.0275 3276 Msfs - ok
11:47:32.0291 3276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:47:32.0291 3276 MSKSSRV - ok
11:47:32.0306 3276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:47:32.0322 3276 MSPCLOCK - ok
11:47:32.0338 3276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:47:32.0338 3276 MSPQM - ok
11:47:32.0353 3276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:47:32.0353 3276 mssmbios - ok
11:47:32.0369 3276 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:47:32.0385 3276 Mup - ok
11:47:32.0400 3276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:47:32.0400 3276 NDIS - ok
11:47:32.0416 3276 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:47:32.0416 3276 NdisTapi - ok
11:47:32.0431 3276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:47:32.0447 3276 Ndisuio - ok
11:47:32.0478 3276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:47:32.0478 3276 NdisWan - ok
11:47:32.0494 3276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:47:32.0494 3276 NDProxy - ok
11:47:32.0510 3276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:47:32.0510 3276 NetBIOS - ok
11:47:32.0541 3276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:47:32.0541 3276 NetBT - ok
11:47:32.0572 3276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:47:32.0572 3276 Npfs - ok
11:47:32.0588 3276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:47:32.0603 3276 Ntfs - ok
11:47:32.0619 3276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:47:32.0619 3276 Null - ok
11:47:32.0650 3276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:47:32.0650 3276 NwlnkFlt - ok
11:47:32.0650 3276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:47:32.0650 3276 NwlnkFwd - ok
11:47:32.0681 3276 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
11:47:32.0681 3276 P3 - ok
11:47:32.0713 3276 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:47:32.0713 3276 Parport - ok
11:47:32.0713 3276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:47:32.0713 3276 PartMgr - ok
11:47:32.0744 3276 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:47:32.0744 3276 ParVdm - ok
11:47:32.0744 3276 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:47:32.0760 3276 PCI - ok
11:47:32.0760 3276 PCIDump - ok
11:47:32.0775 3276 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:47:32.0775 3276 PCIIde - ok
11:47:32.0806 3276 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:47:32.0806 3276 Pcmcia - ok
11:47:32.0822 3276 PDCOMP - ok
11:47:32.0838 3276 PDFRAME - ok
11:47:32.0838 3276 PDRELI - ok
11:47:32.0853 3276 PDRFRAME - ok
11:47:32.0869 3276 perc2 - ok
11:47:32.0869 3276 perc2hib - ok
11:47:32.0900 3276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:47:32.0900 3276 PptpMiniport - ok
11:47:32.0916 3276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:47:32.0931 3276 PSched - ok
11:47:32.0947 3276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:47:32.0947 3276 Ptilink - ok
11:47:32.0963 3276 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:47:32.0978 3276 PxHelp20 - ok
11:47:32.0978 3276 ql1080 - ok
11:47:32.0994 3276 Ql10wnt - ok
11:47:32.0994 3276 ql12160 - ok
11:47:33.0010 3276 ql1240 - ok
11:47:33.0025 3276 ql1280 - ok
11:47:33.0025 3276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:47:33.0041 3276 RasAcd - ok
11:47:33.0056 3276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:47:33.0056 3276 Rasl2tp - ok
11:47:33.0072 3276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:47:33.0072 3276 RasPppoe - ok
11:47:33.0088 3276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:47:33.0088 3276 Raspti - ok
11:47:33.0103 3276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:47:33.0103 3276 Rdbss - ok
11:47:33.0119 3276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:47:33.0119 3276 RDPCDD - ok
11:47:33.0150 3276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:47:33.0150 3276 rdpdr - ok
11:47:33.0197 3276 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:47:33.0197 3276 RDPWD - ok
11:47:33.0213 3276 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:47:33.0213 3276 redbook - ok
11:47:33.0291 3276 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:47:33.0291 3276 SASDIFSV - ok
11:47:33.0306 3276 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:47:33.0306 3276 SASKUTIL - ok
11:47:33.0338 3276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:47:33.0338 3276 Secdrv - ok
11:47:33.0353 3276 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:47:33.0353 3276 serenum - ok
11:47:33.0369 3276 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:47:33.0369 3276 Serial - ok
11:47:33.0400 3276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:47:33.0400 3276 Sfloppy - ok
11:47:33.0416 3276 Simbad - ok
11:47:33.0416 3276 Sparrow - ok
11:47:33.0463 3276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:47:33.0463 3276 splitter - ok
11:47:33.0478 3276 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:47:33.0478 3276 sr - ok
11:47:33.0525 3276 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:47:33.0525 3276 Srv - ok
11:47:33.0541 3276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:47:33.0541 3276 swenum - ok
11:47:33.0556 3276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:47:33.0556 3276 swmidi - ok
11:47:33.0603 3276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:47:33.0603 3276 symc810 - ok
11:47:33.0619 3276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:47:33.0619 3276 symc8xx - ok
11:47:33.0635 3276 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
11:47:33.0635 3276 Symmpi - ok
11:47:33.0635 3276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:47:33.0650 3276 sym_hi - ok
11:47:33.0650 3276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:47:33.0650 3276 sym_u3 - ok
11:47:33.0681 3276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:47:33.0681 3276 sysaudio - ok
11:47:33.0728 3276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:47:33.0728 3276 Tcpip - ok
11:47:33.0775 3276 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
11:47:33.0775 3276 Tcpip6 - ok
11:47:33.0791 3276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:47:33.0806 3276 TDPIPE - ok
11:47:33.0822 3276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:47:33.0822 3276 TDTCP - ok
11:47:33.0838 3276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:47:33.0838 3276 TermDD - ok
11:47:33.0853 3276 TosIde - ok
11:47:33.0885 3276 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
11:47:33.0885 3276 tunmp - ok
11:47:33.0916 3276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:47:33.0931 3276 Udfs - ok
11:47:33.0947 3276 ultra - ok
11:47:33.0994 3276 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:47:33.0994 3276 USBAAPL - ok
11:47:34.0025 3276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:47:34.0025 3276 usbccgp - ok
11:47:34.0041 3276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:47:34.0041 3276 usbehci - ok
11:47:34.0056 3276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:47:34.0056 3276 usbhub - ok
11:47:34.0088 3276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:47:34.0088 3276 usbprint - ok
11:47:34.0119 3276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:47:34.0119 3276 usbscan - ok
11:47:34.0150 3276 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:47:34.0150 3276 USBSTOR - ok
11:47:34.0166 3276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:47:34.0166 3276 usbuhci - ok
11:47:34.0197 3276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:47:34.0197 3276 VgaSave - ok
11:47:34.0228 3276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:47:34.0228 3276 ViaIde - ok
11:47:34.0244 3276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:47:34.0244 3276 VolSnap - ok
11:47:34.0275 3276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:47:34.0275 3276 Wanarp - ok
11:47:34.0275 3276 WDICA - ok
11:47:34.0306 3276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:47:34.0306 3276 wdmaud - ok
11:47:34.0338 3276 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:47:34.0338 3276 WmiAcpi - ok
11:47:34.0400 3276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:47:34.0416 3276 WudfPf - ok
11:47:34.0416 3276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:47:34.0416 3276 WudfRd - ok
11:47:34.0431 3276 XDva385 - ok
11:47:34.0478 3276 MBR (0x1B8) (df9769dbafc477636448ab0154b8bbc9) \Device\Harddisk0\DR0
11:47:34.0650 3276 \Device\Harddisk0\DR0 - ok
11:47:35.0119 3276 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
11:47:35.0119 3276 \Device\Harddisk1\DR2 - ok
11:47:35.0135 3276 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR6
11:47:35.0838 3276 \Device\Harddisk2\DR6 - ok
11:47:35.0838 3276 Boot (0x1200) (c3ec1d32d5863ba6dd3c9f7c37db0020) \Device\Harddisk0\DR0\Partition0
11:47:35.0838 3276 \Device\Harddisk0\DR0\Partition0 - ok
11:47:35.0853 3276 Boot (0x1200) (2b1e36c70cf71a8b256010caa23ff396) \Device\Harddisk1\DR2\Partition0
11:47:35.0869 3276 \Device\Harddisk1\DR2\Partition0 - ok
11:47:35.0869 3276 Boot (0x1200) (3741a1fcba9f95487b05a9e55c6f42eb) \Device\Harddisk2\DR6\Partition0
11:47:35.0869 3276 \Device\Harddisk2\DR6\Partition0 - ok
11:47:35.0869 3276 ============================================================
11:47:35.0869 3276 Scan finished
11:47:35.0869 3276 ============================================================
11:47:35.0885 0680 Detected object count: 0
11:47:35.0885 0680 Actual detected object count: 0


Here is the aswMBR log file. The fix button was NOT enabled.

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 11:49:33
-----------------------------
11:49:33.447 OS Version: Windows 5.1.2600 Service Pack 3
11:49:33.447 Number of processors: 2 586 0x604
11:49:33.447 ComputerName: HP25032670924 UserName: Mike
11:49:33.947 Initialize success
11:49:52.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
11:49:52.322 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-43 Size: 152627MB BusType: 3
11:49:52.338 Disk 0 MBR read successfully
11:49:52.338 Disk 0 MBR scan
11:49:52.338 Disk 0 Windows XP default MBR code
11:49:52.338 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
11:49:52.338 Disk 0 scanning sectors +312560640
11:49:52.400 Disk 0 scanning C:\WINDOWS\system32\drivers
11:49:56.838 Service scanning
11:49:57.869 Modules scanning
11:50:00.713 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
11:50:01.306 Scan finished successfully
11:50:34.603 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mike\Desktop\MBR.dat"
11:50:34.603 The log file has been saved successfully to "C:\Documents and Settings\Mike\Desktop\aswMBR.txt"


thanks for the help.
  • 0

#4
RKinner
Posted 30 December 2011 - 12:16 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
OK. Looks like it ate ipsec.

Download and save the attached ipsec.zip file. Right click on it and Extract All. Find the ipsec.reg file and right click on it and MERGE. Find the Legacy_IPSEC.reg file and MERGE. Report any errors.

If you didn't get any errors then try the 

sc  start  ipsec

again. If it works (says it is already started or that it started) see if

sc  start  tcpip

will also start or say it is already started.

Then try

sc  start  dhcp

If all three work, reboot and see if you can get on line.



Run OTL, Quickscan and post the log.
  • 0

#5
MikenAL
Posted 30 December 2011 - 01:18 PM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
well I tried the internet and it is working now. Thank you so much for the help. Is there anything else I need to do?
  • 0

#6
RKinner
Posted 30 December 2011 - 02:23 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

This thing likes to eat anti-virus programs so I think you should uninstall McAfee and install the free Avast. Run the boot-time scan then if you really want to you can uninstall Avast and reinstall McAfee.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Download the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
(If you think you might want to reinstall McAfee later then follow the instructions here to save your license info:
http://service.mcafe...spx?id=TS100507 )
Uninstall McAfee, run the McAfee uninstall tool, reboot.
Install Avast.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours so it's a good one to do just before you go to bed.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswboot.txt If you find it copy and paste it into the next reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#7
MikenAL
Posted 30 December 2011 - 10:59 PM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay made it through the Avast boot scan. It found 1 item:

12/30/2011 22:00
Scan of all local drives

File C:\Documents and Settings\Mike\Application Data\74CD5\54D9.4CD is infected by INI:Cycbot-gen [Trj], Moved to chest
File C:\Documents and Settings\Mike\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\g43kb6j34kblq6jh34kb6j3kl4.jar-13cb5c85-70ed7156.zip|>photo\Crop.class is infected by Java:Agent-ACY [Expl]




Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/12/2011 10:58:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 10:55:49 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 30/12/2011 10:55:49 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The IPv6 Helper Service service hung on starting.

Log: 'System' Date/Time: 30/12/2011 10:54:25 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2011 10:55:56 PM
Type: warning Category: 0
Event: 20192 Source: RemoteAccess
A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate. No L2TP calls will be accepted.
  • 0

#8
RKinner
Posted 30 December 2011 - 11:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP

The IPv6 Helper Service service hung on starting.


No need for it to run. Turn it off:

Control Panel > Network and Internet Connections > Network Connections > Select Local Area Connection > Properties button in the General Tab > Select Microsoft TCP/IP version 6 > Uninstall

The following boot-start or system-start driver(s) failed to load: i8042prt


This the keyboard driver. Let's see if there is anything strange about it:

Copy the text in the code box:

/md5start
i8042prt.sys
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You will get one log. Please copy and paste to a reply.


A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate. No L2TP calls will be accepted.


If you do not intend to use L2TP-type connections, you can eliminate this error message by following these steps:

Open the Routing and Remote Access snap-in in Microsoft Management Console (MMC) by clicking Start, pointing to Programs, pointing to Administrative Tools, and then clicking Routing and Remote Access.
Expand the appropriate server, right-click Ports and then click Properties.
Click WAN Miniport (L2TP), and then click Configure.
In the Maximum Ports box, click 0 (zero), and then click OK.
When you receive a warning dialog box, click Yes. Then, click OK in the Ports Properties dialog box.
Close the Routing and Remote Access snap-in.

Event ID 20192 does not occur on subsequent reboots.
Back to the top
REFERENCES
If you want to use L2TP connections on your server, click Start, click Help, click the Index tab, and then type l2tp. There are many topics to help you set up a certificate server and IP Security (IPSec).


The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


If you don't use this service (and you probably don't) you can turn it off.

Start, Run, services.msc, OK and then find Windows Media Player Network Sharing Service right click on it and select Properties. Change the Startup Type: to Disabled.
  • 0

#9
MikenAL
Posted 31 December 2011 - 12:10 AM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I ran the OTL but not as Admin. I know this is crazy but cannot remember Admin password. Does that matter?


OTL logfile created on: 12/31/2011 12:00:58 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.75% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.94% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 911.34 Gb Free Space | 97.86% Space Free | Partition Type: FAT32

Computer Name: HP25032670924 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2011/12/07 05:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/09/22 15:31:56 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/04/22 11:19:23 | 000,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
PRC - [2009/04/22 11:19:23 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/15 03:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/10/04 16:23:10 | 000,086,016 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2005/09/28 03:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2005/03/06 21:52:16 | 000,276,480 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 13:59:07 | 001,660,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11123001\algo.dll
MOD - [2011/12/29 14:38:40 | 000,268,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11123001\aswRep.dll
MOD - [2011/12/07 05:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 05:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 05:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 05:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 05:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 10:10:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_77743f04\mscorlib.dll
MOD - [2011/10/15 10:10:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8a0ac7fb\system.drawing.dll
MOD - [2011/10/15 10:10:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d4dd8685\system.xml.dll
MOD - [2011/10/15 10:10:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f82e585e\system.windows.forms.dll
MOD - [2011/10/15 10:10:16 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_76a78224\system.dll
MOD - [2011/10/15 10:10:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/15 10:10:05 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/02/05 12:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/09/22 15:31:56 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2009/08/24 15:47:44 | 000,729,088 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2009/08/24 15:47:44 | 000,712,704 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2009/08/24 15:47:44 | 000,505,835 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2009/08/24 15:47:44 | 000,344,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2009/08/24 15:47:44 | 000,327,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2009/08/24 15:47:42 | 000,163,840 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2009/08/24 15:47:30 | 004,055,040 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-51.dll
MOD - [2009/08/24 15:47:30 | 000,443,904 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-51.dll
MOD - [2009/08/24 15:47:30 | 000,026,112 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-49.dll
MOD - [2009/04/22 11:18:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/04/22 11:18:30 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/04/22 11:18:30 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/04/22 11:18:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/04/22 11:18:29 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/09/15 23:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/09/22 15:31:56 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/03/03 12:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/11 06:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stop_Pending] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/03/17 10:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/28 03:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/28 03:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/28 03:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/28 03:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/28 03:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/28 03:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 03:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/23 16:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/07 07:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 07:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/04/07 23:25:34 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/04 15:21:36 | 000,065,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/01/07 12:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.att.net"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {efa37648-2754-4e3b-ad97-dc088c8805cd}:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111008&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54505

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Guffins.com/Plugin: C:\Program Files\GuffinsEI\Installr\1.bin\NPu4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Mike\Local Settings\Application Data\RobloxVersions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 21:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 12:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Move Networks [2009/12/01 13:17:35 | 000,000,000 | ---D | M]

[2009/09/26 09:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2011/11/27 17:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions
[2009/09/26 09:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/08 06:52:52 | 000,000,000 | ---D | M] (Outspark Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}
[2010/12/15 11:34:58 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]
[2009/09/26 09:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/01 13:17:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\RobloxVersions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\WINDOWS\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2011/12/30 11:31:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Outspark Toolbar) - {efa37648-2754-4e3b-ad97-dc088c8805cd} - C:\Program Files\outsparktoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Outspark Toolbar) - {efa37648-2754-4e3b-ad97-dc088c8805cd} - C:\Program Files\outsparktoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MotiveReportAgent] C:\Program Files\Common Files\Motive\McciBootStrapper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bellsouth.net ([hometab] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240418678484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240490776671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0AFF4B2-6068-4E9F-BB7D-4DB05BEF876A}: DhcpNameServer = 192.168.1.254 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/06 14:30:36 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 22:56:21 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Mike\Desktop\VEW.exe
[2011/12/30 21:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/30 21:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/30 21:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2011/12/30 21:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/30 21:50:59 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/30 21:50:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/30 21:50:57 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/30 21:50:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/30 21:50:56 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/30 21:50:55 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/30 21:50:55 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/30 21:50:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/30 21:50:33 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/30 21:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/30 21:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/30 21:36:59 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Mike\Desktop\MCPR.exe
[2011/12/30 21:20:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 12:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/30 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 12:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 12:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/30 12:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/30 12:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/30 11:47:00 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/30 11:46:53 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2011/12/30 11:37:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/30 11:25:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/12/30 11:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 11:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 11:03:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 11:03:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/30 11:03:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/30 11:03:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 11:02:40 | 004,356,196 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/29 16:37:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 16:18:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/12/29 15:34:58 | 000,347,944 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable (1).exe
[2011/12/29 15:34:51 | 000,347,944 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/31 00:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 22:56:21 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Mike\Desktop\VEW.exe
[2011/12/30 22:54:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/30 22:54:33 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 22:53:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 22:53:38 | 2146,848,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 21:55:33 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/30 21:53:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 21:51:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/30 21:50:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/30 21:37:04 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Mike\Desktop\MCPR.exe
[2011/12/30 21:36:37 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/30 16:17:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/30 12:49:55 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 12:35:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 12:23:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/30 11:50:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/30 11:45:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/30 11:44:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2011/12/30 11:31:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/30 11:00:32 | 004,356,196 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 15:32:28 | 000,648,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:31:26 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/29 15:28:18 | 000,347,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable (1).exe
[2011/12/29 15:27:16 | 000,347,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable.exe
[2011/12/03 12:02:57 | 025,051,846 | ---- | M] () -- C:\BellSouthIW.re~
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 21:53:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 21:53:22 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/30 21:51:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 21:51:12 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 21:51:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/30 21:36:34 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/30 12:49:55 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 12:35:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/12/30 12:21:09 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/30 11:50:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/30 11:03:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/30 11:03:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 11:03:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 11:03:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 11:03:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/29 15:35:04 | 000,648,704 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:35:01 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/03 12:02:23 | 025,051,846 | ---- | C] () -- C:\BellSouthIW.re~
[2011/11/23 09:57:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EqYh3Yq.dat
[2011/10/08 08:47:41 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/10/08 08:47:41 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/02/10 00:14:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 09:34:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2010/01/31 13:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/11/14 15:13:40 | 000,074,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 14:06:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/26 09:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/05 12:50:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/02 17:29:37 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2009/05/02 15:26:35 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/02 15:26:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/04/23 06:22:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 11:26:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/22 11:24:46 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/22 11:22:13 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2009/04/22 11:22:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/22 11:20:42 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/22 11:10:05 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/22 11:03:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/22 11:02:52 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/22 11:02:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/22 11:02:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/22 11:01:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/04/22 10:50:47 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 19:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 19:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/29 15:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 14:44:34 | 000,465,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 14:44:34 | 000,079,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 14:40:44 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 14:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 14:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 14:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 14:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 14:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 15:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 15:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Custom Scans ==========



< MD5 for: I8042PRT.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:i8042prt.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2009/04/22 09:38:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2009/04/22 09:38:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2009/04/22 09:38:10 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sp3.cab:i8042prt.sys
[2008/04/13 13:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 13:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\i8042prt.sys
[2008/04/13 13:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

< End of report >
  • 0

#10
RKinner
Posted 31 December 2011 - 12:44 AM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
You don't need to run as Admin since you are not Win 7 or Vista system.

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {efa37648-2754-4e3b-ad97-dc088c8805cd}:1.0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.2.0.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54505
[2011/10/08 06:52:52 | 000,000,000 | ---D | M] (Outspark Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}
[2010/12/15 11:34:58 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
O2 - BHO: (Outspark Toolbar) - {efa37648-2754-4e3b-ad97-dc088c8805cd} - C:\Program Files\outsparktoolbar\vmntemplateX.dll ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
[2011/11/23 09:57:35 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\EqYh3Yq.dat

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Let's run Combofix one more time now that we have connectivity. It may want to update - let it. It may also want to install the Recovery Console. Please let it. Remember to turn off Avast before running Combofix. Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted


Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#11
MikenAL
Posted 31 December 2011 - 01:49 AM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the first log:


========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {efa37648-2754-4e3b-ad97-dc088c8805cd}:1.0.0.0 removed from extensions.enabledItems
Prefs.js: [email protected]:5.2.0.0 removed from extensions.enabledItems
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 54505 removed from network.proxy.http_port
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\components folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\searchbar folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\options folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\uwa folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\radio\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\radio\css folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\radio folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\default folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels\css folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\panels folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib\debugbar folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin\lib folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\skin folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\data\weather folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\data\search folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\data\rss folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\data\dynamicElements folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\data folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\widgets\com.pandonetworks.widgets.GameLauncher\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\widgets\com.pandonetworks.widgets.GameLauncher folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\newtab\images folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\newtab folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\modules folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome\content folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd}\chrome folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{efa37648-2754-4e3b-ad97-dc088c8805cd} folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efa37648-2754-4e3b-ad97-dc088c8805cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{efa37648-2754-4e3b-ad97-dc088c8805cd}\ deleted successfully.
C:\Program Files\outsparktoolbar\vmntemplateX.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Program Files\Java\jre1.5.0\bin\jusched.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\EqYh3Yq.dat moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Mike\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Mike\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12312011_011337

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here is the second:


ComboFix 11-12-30.02 - Mike 12/31/2011 1:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1520 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 03:51 . 2011-12-31 03:55 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Google
2011-12-31 03:51 . 2011-12-31 03:53 -------- d-----w- c:\program files\Google
2011-12-31 03:50 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-31 03:50 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-31 03:50 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-31 03:50 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-31 03:50 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-31 03:50 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-31 03:50 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-31 03:50 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-31 03:50 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-31 03:50 . 2011-12-31 03:50 -------- d-----w- c:\program files\AVAST Software
2011-12-31 03:50 . 2011-12-31 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-31 03:20 . 2011-12-31 03:20 -------- d-----w- C:\_OTL
2011-12-30 18:47 . 2011-12-30 18:47 -------- d-----w- c:\program files\iPod
2011-12-30 18:46 . 2011-12-30 18:49 -------- d-----w- c:\program files\iTunes
2011-12-30 18:29 . 2011-12-30 18:29 -------- d-----w- c:\program files\Bonjour
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-12-29 22:18 . 2011-12-29 22:19 -------- d-----w- C:\ERDNT
2011-12-03 17:54 . 2011-12-03 17:54 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-11-06 17:40 41184 ----a-w- c:\windows\avastSS.scr
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2004-08-04 07:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-30_17.32.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-12-30 18:38 . 2011-08-02 23:38 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-30 18:38 . 2011-08-02 23:38 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2010-04-27 13:39 . 2011-08-02 23:38 42496 c:\windows\system32\drivers\usbaapl.sys
+ 2011-08-31 05:05 . 2011-08-31 05:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 05:05 . 2011-08-31 05:05 83816 c:\windows\system32\dns-sd.exe
- 2009-04-22 17:28 . 2011-12-03 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-22 17:28 . 2011-12-30 18:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-22 17:28 . 2011-12-03 18:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-22 17:28 . 2011-12-30 18:48 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-30 18:37 . 2011-12-30 18:48 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-22 17:28 . 2011-12-03 18:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-31 03:56 . 2011-12-31 03:56 22016 c:\windows\Installer\36029.msi
+ 2011-12-30 18:23 . 2011-12-30 18:23 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
- 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
- 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-12-30 18:30 . 2011-12-30 18:30 897024 c:\windows\Installer\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}\SafariIco.exe
+ 2011-12-30 18:50 . 2011-12-30 18:50 380928 c:\windows\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
+ 2009-07-12 06:02 . 2009-07-12 06:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 06:02 . 2009-07-12 06:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2010-04-27 13:39 . 2011-08-02 23:38 4517664 c:\windows\system32\usbaaplrc.dll
+ 2011-12-30 18:38 . 2011-08-02 23:38 4517664 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-12-30 18:38 . 2010-04-20 01:29 1461992 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-12-30 18:51 . 2011-12-30 18:51 1709568 c:\windows\Installer\2ccf40.msi
+ 2011-12-30 18:50 . 2011-12-30 18:50 5651456 c:\windows\Installer\2ccf0e.msi
+ 2011-12-30 18:39 . 2011-12-30 18:39 1717248 c:\windows\Installer\2cc668.msi
+ 2011-12-30 18:35 . 2011-12-30 18:35 9474048 c:\windows\Installer\2cc60a.msi
+ 2011-12-30 18:30 . 2011-12-30 18:30 3470848 c:\windows\Installer\2cc337.msi
+ 2011-12-30 18:29 . 2011-12-30 18:29 2002432 c:\windows\Installer\2cc250.msi
+ 2011-12-30 18:27 . 2011-12-30 18:27 1530368 c:\windows\Installer\2cc202.msi
+ 2011-12-30 18:23 . 2011-12-30 18:23 1769984 c:\windows\Installer\2cc0d9.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-08 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10284:UDP"= 10284:UDP:Xbox
"10280:UDP"= 10280:UDP:Xbox
"10282:UDP"= 10282:UDP:Xbox
"10281:UDP"= 10281:UDP:Xbox
"56907:TCP"= 56907:TCP:Pando Media Booster
"56907:UDP"= 56907:UDP:Pando Media Booster
"57691:TCP"= 57691:TCP:Pando Media Booster
"57691:UDP"= 57691:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/30/2011 9:50 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/30/2011 9:50 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 6:02 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2011 9:50 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/27/2011 3:02 PM 366152]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/22/2009 11:24 AM 476160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/27/2011 3:02 PM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2011 9:51 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2011 9:51 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 1:56 AM 14336]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-31 03:51]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-31 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: bellsouth.net\hometab
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z142&form=ZGAADF&install_date=20111008&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Mike\Application Data\Move Networks
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{efa37648-2754-4e3b-ad97-dc088c8805cd} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 01:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-31 01:41:56
ComboFix-quarantined-files.txt 2011-12-31 07:41
ComboFix2.txt 2011-12-30 17:37
.
Pre-Run: 107,039,268,864 bytes free
Post-Run: 107,296,948,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E5C2FE57CAB9346104F4F6ED7AC7A250


Here is the log from OTL

OTL logfile created on: 12/31/2011 1:43:39 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.72% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.97 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 911.34 Gb Free Space | 97.86% Space Free | Partition Type: FAT32

Computer Name: HP25032670924 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/08 06:52:50 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/10/15 03:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/10/04 16:23:10 | 000,086,016 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2005/09/28 03:10:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/08/23 10:39:40 | 000,147,456 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\BellSouthBrowser.exe
PRC - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2005/03/06 21:52:16 | 000,276,480 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/30 13:59:07 | 001,660,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11123001\algo.dll
MOD - [2011/12/29 14:38:40 | 000,268,808 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11123001\aswRep.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 10:10:43 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_77743f04\mscorlib.dll
MOD - [2011/10/15 10:10:39 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8a0ac7fb\system.drawing.dll
MOD - [2011/10/15 10:10:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d4dd8685\system.xml.dll
MOD - [2011/10/15 10:10:26 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f82e585e\system.windows.forms.dll
MOD - [2011/10/15 10:10:16 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_76a78224\system.dll
MOD - [2011/10/15 10:10:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/15 10:10:05 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2011/10/08 06:52:50 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009/04/22 11:18:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009/04/22 11:18:30 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2009/04/22 11:18:30 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2009/04/22 11:18:29 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009/04/22 11:18:29 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 16:51:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2009/09/22 15:31:56 | 000,856,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/03/03 12:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2005/03/06 21:52:20 | 000,476,160 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2006/03/17 10:24:10 | 001,520,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/28 03:10:00 | 000,092,700 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/28 03:10:00 | 000,087,004 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/28 03:10:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/28 03:10:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/28 03:10:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/28 03:10:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/28 03:10:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/23 16:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/07 07:03:34 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/07/07 07:02:56 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/04/07 23:25:34 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/03/04 15:21:36 | 000,065,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2005/01/07 12:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 18:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 18:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 18:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 18:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 18:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 18:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 18:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 18:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 18:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 18:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 18:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 18:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 18:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 18:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 18:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 00:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.att.net"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111008&q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Guffins.com/Plugin: C:\Program Files\GuffinsEI\Installr\1.bin\NPu4EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Mike\Local Settings\Application Data\RobloxVersions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 21:42:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/30 12:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mike\Application Data\Move Networks [2009/12/01 13:17:35 | 000,000,000 | ---D | M]

[2009/09/26 09:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2011/12/31 01:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions
[2009/09/26 09:34:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/26 09:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/01 13:17:35 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P36IV0RU.DEFAULT\EXTENSIONS\{EFA37648-2754-4E3B-AD97-DC088C8805CD}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P36IV0RU.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...uage={language}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mike\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\RobloxVersions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\WINDOWS\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2011/12/31 01:13:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\hdashcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MotiveReportAgent] C:\Program Files\Common Files\Motive\McciBootStrapper.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Documents and Settings\Mike\Desktop\PartyPoker.net.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bellsouth.net ([hometab] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240418678484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1240490776671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0AFF4B2-6068-4E9F-BB7D-4DB05BEF876A}: DhcpNameServer = 192.168.1.254 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/06 14:30:36 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/31 01:21:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/30 22:56:21 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Mike\Desktop\VEW.exe
[2011/12/30 21:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/30 21:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/30 21:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google
[2011/12/30 21:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/30 21:50:59 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/30 21:50:59 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/30 21:50:57 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/30 21:50:56 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/30 21:50:56 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/30 21:50:55 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/30 21:50:55 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/30 21:50:55 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/30 21:50:33 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/30 21:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/30 21:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/30 21:36:59 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Mike\Desktop\MCPR.exe
[2011/12/30 21:20:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/30 12:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/30 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/30 12:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 12:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/30 12:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/30 12:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/30 11:47:00 | 004,702,720 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/30 11:46:53 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2011/12/30 11:37:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/30 11:25:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2011/12/30 11:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/30 11:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/30 11:03:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/30 11:03:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/30 11:03:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/30 11:03:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/30 11:02:40 | 004,358,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/29 16:37:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 16:18:58 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011/12/29 15:34:58 | 000,347,944 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable (1).exe
[2011/12/29 15:34:51 | 000,347,944 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/31 01:21:10 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/31 01:19:27 | 004,358,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2011/12/31 01:16:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/31 01:15:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 01:15:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 01:15:12 | 2146,848,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 01:13:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/31 00:01:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 22:56:21 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Mike\Desktop\VEW.exe
[2011/12/30 21:55:33 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/30 21:53:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 21:51:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/30 21:50:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/30 21:37:04 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Mike\Desktop\MCPR.exe
[2011/12/30 21:36:37 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/30 16:17:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/30 12:49:55 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 12:35:20 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 12:23:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/30 11:50:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/30 11:45:52 | 004,702,720 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mike\Desktop\aswMBR.exe
[2011/12/30 11:44:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\tdsskiller.exe
[2011/12/29 16:35:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2011/12/29 15:32:28 | 000,648,704 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:31:26 | 000,650,240 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/29 15:28:18 | 000,347,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable (1).exe
[2011/12/29 15:27:16 | 000,347,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit-portable.exe
[2011/12/03 12:02:57 | 025,051,846 | ---- | M] () -- C:\BellSouthIW.re~
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/31 01:21:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/31 01:21:08 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/30 21:53:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 21:53:22 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/30 21:51:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 21:51:12 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 21:51:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/30 21:36:34 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\setup_av_free_cnet.exe
[2011/12/30 12:49:55 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 12:35:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/12/30 12:30:26 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/12/30 12:21:09 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/30 11:50:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBR.dat
[2011/12/30 11:03:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/30 11:03:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/30 11:03:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/30 11:03:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/30 11:03:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/29 15:35:04 | 000,648,704 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50267.msi
[2011/12/29 15:35:01 | 000,650,240 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MicrosoftFixit50203.msi
[2011/12/03 12:02:23 | 025,051,846 | ---- | C] () -- C:\BellSouthIW.re~
[2011/10/08 08:47:41 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/10/08 08:47:41 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/02/10 00:14:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/15 09:34:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2010/01/31 13:00:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/11/14 15:13:40 | 000,074,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/26 14:06:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/09/26 09:17:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/05 12:50:38 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/02 17:29:37 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2009/05/02 15:26:35 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/02 15:26:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/04/23 06:22:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/22 11:26:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/22 11:24:46 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/22 11:22:13 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2009/04/22 11:22:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/04/22 11:20:42 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/22 11:10:05 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/04/22 11:03:20 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/22 11:02:52 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/22 11:02:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/22 11:02:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/22 11:01:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/04/22 10:50:47 | 000,000,785 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/26 19:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 19:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/29 15:47:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:53:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 14:44:34 | 000,465,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/09 14:44:34 | 000,079,598 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/09 14:40:44 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/09 14:33:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 14:28:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 14:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 14:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 14:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 15:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 15:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

< End of report >
  • 0

#12
MikenAL
Posted 31 December 2011 - 01:51 AM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The second OTL


OTL Extras logfile created on: 12/31/2011 1:43:39 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.72% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 99.97 Gb Free Space | 67.08% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 911.34 Gb Free Space | 97.86% Space Free | Partition Type: FAT32

Computer Name: HP25032670924 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.scr [@ = DWGTrueViewScriptFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"57691:TCP" = 57691:TCP:*:Enabled:Pando Media Booster
"57691:UDP" = 57691:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10284:UDP" = 10284:UDP:*:Enabled:Xbox
"10280:UDP" = 10280:UDP:*:Enabled:Xbox
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Xbox
"10282:UDP" = 10282:UDP:*:Enabled:Xbox
"10281:UDP" = 10281:UDP:*:Enabled:Xbox
"56907:TCP" = 56907:TCP:*:Enabled:Pando Media Booster
"56907:UDP" = 56907:UDP:*:Enabled:Pando Media Booster
"57691:TCP" = 57691:TCP:*:Enabled:Pando Media Booster
"57691:UDP" = 57691:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Documents and Settings\Mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Documents and Settings\Mike\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe" = C:\Documents and Settings\Mike\Application Data\Sony Online Entertainment\Installed Games\Clone Wars\CloneWars.exe:*:Enabled:CloneWars -- ()
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271DC0A-B6E0-4129-92DC-4FDD63362D58}" = ATI Catalyst Control Center
"{063BF5C1-89DB-433F-9D74-2E4F043E3F5E}" = Broadcom Management Programs
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio Data Module
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26792CA7-D87A-4DBE-896B-C2F66B344511}" = Roxio CinePlayer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 B3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio Audio Module
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 A17
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio Copy Module
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"avast" = avast! Free Antivirus
"Blockland" = Blockland
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Disney Toontown Online" = Disney Toontown Online
"DWG TrueView 2010" = DWG TrueView 2010
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Google Chrome" = Google Chrome
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LHTTSSPE" = L&H TTS3000 Espańol
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotiveReportAgent" = BellSouth FastAccess DSL Report Agent
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"outsparktoolbar" = Outspark Toolbar
"PartyPokerNet" = PartyPoker.net
"PCFriendly" = PCFriendly
"PDF Complete" = PDF Complete
"Software Setup" = Software Setup
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Mike
"Move Media Player" = Move Media Player
"New LEGO Digital Designer" = LEGO Digital Designer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2011 3:00:22 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 336532

Error - 12/31/2011 3:00:24 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2011 3:00:24 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 338485

Error - 12/31/2011 3:00:24 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 338485

Error - 12/31/2011 3:00:26 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2011 3:00:26 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 340594

Error - 12/31/2011 3:00:26 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 340594

Error - 12/31/2011 3:10:49 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/31/2011 3:10:49 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 964110

Error - 12/31/2011 3:10:49 AM | Computer Name = HP25032670924 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 964110

[ System Events ]
Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The PDF Document Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 12/31/2011 3:13:38 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/31/2011 3:13:40 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 12/31/2011 3:16:10 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/31/2011 3:25:01 AM | Computer Name = HP25032670924 | Source = Service Control Manager | ID = 7034
Description = The TVersityMediaServer service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
  • 0

#13
RKinner
Posted 31 December 2011 - 02:28 AM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\XDva385.sys

Driver::
XDva385
nosGetPlusHelper

Folder::
C:\Program Files\NOS

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"nosGetPlusHelper"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Uninstall:
J2SE Runtime Environment 5.0 <==This one is dangerous to have.
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Bonjour <=having problems It will get reinstalled at the next apple or adobe update.

How is it running now? Any problems left?
  • 0

#14
MikenAL
Posted 31 December 2011 - 10:03 AM

MikenAL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the log. i just placed the .txt file over ComboFix and let go. I assume it worked.

Also, what programs should I run to keep the system clean periodically? I really appreciate the help. It has been running great since yesterday.


ComboFix 11-12-31.02 - Mike 12/31/2011 9:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1148 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
FILE ::
"c:\windows\system32\XDva385.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper_3004.dll
c:\program files\NOS\bin\getPlus_HelperSvc.exe
c:\program files\NOS\bin\getPlusUninst_Adobe.exe
c:\windows\system32\_000005_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NOSGETPLUSHELPER
-------\Legacy_XDVA385
-------\Service_nosGetPlusHelper
-------\Service_XDva385
-------\Legacy_getPlus®_Helper
-------\Legacy_getPlus®_Helper
-------\Service_getPlus® Helper
-------\Service_getPlus® Helper
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 15:33 . 2011-12-31 15:33 -------- d-----w- c:\windows\LastGood
2011-12-31 03:51 . 2011-12-31 03:55 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Google
2011-12-31 03:51 . 2011-12-31 03:53 -------- d-----w- c:\program files\Google
2011-12-31 03:50 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-31 03:50 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-31 03:50 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-31 03:50 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-31 03:50 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-31 03:50 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-31 03:50 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-31 03:50 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-31 03:50 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-31 03:50 . 2011-12-31 03:50 -------- d-----w- c:\program files\AVAST Software
2011-12-31 03:50 . 2011-12-31 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-31 03:20 . 2011-12-31 03:20 -------- d-----w- C:\_OTL
2011-12-30 18:47 . 2011-12-30 18:47 -------- d-----w- c:\program files\iPod
2011-12-30 18:46 . 2011-12-30 18:49 -------- d-----w- c:\program files\iTunes
2011-12-30 18:29 . 2011-12-30 18:29 -------- d-----w- c:\program files\Bonjour
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-12-30 17:25 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2011-12-29 22:18 . 2011-12-29 22:19 -------- d-----w- C:\ERDNT
2011-12-03 17:54 . 2011-12-03 17:54 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-11-06 17:40 41184 ----a-w- c:\windows\avastSS.scr
2011-10-28 05:31 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 06:20 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 15:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 07:56 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-04 07:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-31_07.37.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 00:12 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-04-23 12:21 . 2011-11-09 22:25 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2009-04-23 12:21 . 2011-12-31 14:58 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-23 12:21 . 2011-11-09 22:25 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-23 12:21 . 2011-12-31 14:58 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-22 16:48 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-22 16:48 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-04-22 16:48 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-04-22 16:48 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-04-22 16:48 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-04-22 16:48 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2011-10-30 05:10 . 2011-10-30 05:10 6824960 c:\windows\Installer\1a75a1f.msp
+ 2011-10-31 18:37 . 2011-10-31 18:37 4146688 c:\windows\Installer\1a75a09.msp
+ 2011-11-17 16:55 . 2011-11-17 16:55 5522944 c:\windows\Installer\1a759f2.msp
+ 2009-04-22 16:48 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-04-22 16:48 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-04-22 16:48 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-04-22 16:48 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-04-22 16:48 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-22 16:48 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-22 16:51 . 2011-12-31 14:59 52988224 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-08 3077528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-07 276480]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-28 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MotiveReportAgent"="c:\program files\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2005-10-15 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Documents and Settings\\Mike\\Application Data\\Sony Online Entertainment\\Installed Games\\Clone Wars\\CloneWars.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10284:UDP"= 10284:UDP:Xbox
"10280:UDP"= 10280:UDP:Xbox
"10282:UDP"= 10282:UDP:Xbox
"10281:UDP"= 10281:UDP:Xbox
"56907:TCP"= 56907:TCP:Pando Media Booster
"56907:UDP"= 56907:UDP:Pando Media Booster
"57691:TCP"= 57691:TCP:Pando Media Booster
"57691:UDP"= 57691:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/30/2011 9:50 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/30/2011 9:50 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 6:02 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/30/2011 9:50 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/27/2011 3:02 PM 366152]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/22/2009 11:24 AM 476160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/27/2011 3:02 PM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2011 9:51 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/30/2011 9:51 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-31 03:51]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-31 03:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: bellsouth.net\hometab
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\p36iv0ru.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.att.net
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z142&form=ZGAADF&install_date=20111008&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Mike\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-31 09:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Motive\BellSouthBrowser.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-31 09:46:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 15:46
ComboFix2.txt 2011-12-31 07:41
ComboFix3.txt 2011-12-30 17:37
.
Pre-Run: 106,929,770,496 bytes free
Post-Run: 106,887,938,048 bytes free
.
- - End Of File - - C8E0CB32FD1EB124563981020302ECBA
  • 0

#15
RKinner
Posted 31 December 2011 - 10:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,748 posts
  • MVP
If you keep Avast instead of that worthless McAfee you should be OK. Turn the sandbox back on:
Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then check Enable AutoSandbox. OK
You can run a boot-time scan once in a while or set it up to automatically scan your system at night when you are not using it.

You can also hang on to MBAM and maybe run it once a week. The free version doesn't update on its own but it will let you do manual updates. Make very sure you have no old Java or adobe versions and keep up to date with Window Automatic Update and use FileHippo's Update Checker (See below) to make sure you stay up to date.

That's about all I see so I think we can clean up now.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP