Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System Infected: Tidserv Activity 2 [Solved]

Started by gitarman , Jan 22 2012 03:28 PM

This topic is locked

#1
gitarman

Posted 22 January 2012 - 03:28 PM

Member

Member
10 posts

Hello,

For the past week now, I've been getting this popup from my Norton Security Suite with the following message: Threat requiring manual removal detected: System Infected: Tidserv Activity 2. This popup has a link (labeled "Tell me how") which takes me to a website instructing me to download and execute a tool called FixTDSS.exe. I did use FixTDSS but it found nothing. I then ran MalwareBytes full scan and that did find some malware/viruses but still didn't fix the Tidserv Activity 2 problem. I then downloaded and ran complete scan with SuperAntiSypware which found hundreds of issues; after cleaning them out, it still didn't get rid of the Tidserv problem. I'm noticing after booting up my PC, I can run it for about 15 - 20 minutes then it just freezes forcing me to hard reboot. I'm running Microsoft XP, Media Center Edition, Version 2002, Service Pack 3 with Pentium D CPU 3.00GHz, 2.00 GB RAM.

I did a search on the web and found geekstogo.com as a highly-recommended site for resolving these types of issues. I would appreciate if you could help me out.

Thanks,
gitarman

#2
Essexboy

Posted 22 January 2012 - 04:38 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi there lets have a look see

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

#3
gitarman

Posted 22 January 2012 - 06:33 PM

Member

Topic Starter
Member
10 posts

Hi,

Ran OTL and it only created OTL.txt (see attached).

gitarman

OTL logfile created on: 1/22/2012 3:49:32 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sherman\My Documents\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 58.87% Memory free
4.84 Gb Paging File | 4.25 Gb Available in Paging File | 87.84% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.97 Gb Total Space | 223.57 Gb Free Space | 75.03% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 602.13 Gb Free Space | 64.64% Space Free | Partition Type: NTFS

Computer Name: UBANGIE | User Name: Gitarman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 13:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\My Documents\OTL\OTL.exe
PRC - [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe
PRC - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/25 05:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/02 08:02:52 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) [Auto | Running] -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe -- (NkPtpEnumWT3)
SRV - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

========== Driver Services (SafeList) ==========

DRV - [2012/01/22 11:16:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 19:43:16 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 19:43:15 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/14 22:59:15 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/14 22:59:15 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/14 04:12:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/25 23:09:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/21 11:44:02 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/21 11:44:02 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/08/21 11:43:57 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/08/21 11:43:53 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/05/14 14:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/05/14 14:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2010/05/14 14:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 13:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/09 14:31:53 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/01/18 17:02:14 | 000,017,824 | ---- | M] (Nikon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NkVBus.sys -- (VBus)
DRV - [2008/01/17 16:34:34 | 000,418,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WNDA31.sys -- (WNDA3100)
DRV - [2007/11/22 10:21:32 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/09/28 13:09:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/02/05 16:06:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/03/25 13:42:56 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 17:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 19:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 12:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/13 12:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/07/05 08:12:00 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCMU10V4XP.sys -- (BEFCMU10V4XP)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 01:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 01:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 01:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/04 10:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/11/12 23:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/08/18 14:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/11/08 16:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/07/17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/06/13 14:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/11/05 08:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 08:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/10/02 07:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]

IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/09 09:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/22 15:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 08:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 10:09:19 | 000,000,000 | ---D | M]

[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions
[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/29 09:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions
[2010/09/10 20:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/07 09:50:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}
[2011/03/27 10:25:27 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\[email protected]
[2010/10/17 10:31:47 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\web-search.xml
[2008/09/01 07:33:47 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\winamp-search.xml
[2011/05/19 22:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 18:25:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/24 15:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/25 10:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/02 08:02:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/22 22:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/02 08:02:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/02 08:02:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/01/29 15:35:21 | 000,430,261 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 14798 more lines...
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Mee-Kyung\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSO07\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{727D0E8D-82A2-4882-8E33-70AE93682D8B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qkm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qkm.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 15:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\OTL
[2012/01/22 11:16:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/20 20:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 20:57:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/20 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/15 19:48:14 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 11:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Application Data\SUPERAntiSpyware.com
[2012/01/15 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/15 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/15 11:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/15 10:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\PC Stuff
[2012/01/02 09:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Local Settings\Application Data\PackageAware
[2011/12/30 07:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/30 07:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 07:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/30 07:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/30 07:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/12/24 19:48:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sherman\IECompatCache
[2011/12/24 10:32:36 | 000,000,000 | ---D | C] -- C:\logs
[2008/08/14 18:02:05 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2006/02/05 15:50:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/07/17 06:00:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/07/17 06:00:46 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\Sherman\*.tmp files -> C:\Documents and Settings\Sherman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/22 15:48:41 | 000,007,330 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/22 15:47:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/22 15:47:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/22 15:47:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/22 15:47:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/01/22 15:47:39 | 003,720,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/22 15:46:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/22 15:36:20 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/22 15:21:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006UA.job
[2012/01/22 14:47:45 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/22 14:47:45 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/22 14:47:45 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/22 14:47:45 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/22 14:47:45 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/01/22 14:47:45 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/01/22 14:47:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/22 14:47:45 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/22 13:10:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/22 11:16:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/01/21 10:09:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 22:21:42 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006Core.job
[2012/01/20 20:57:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 02:33:06 | 004,932,601 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF
[2012/01/17 02:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-UBANGIE-Sherman.job
[2012/01/15 19:48:23 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 19:29:30 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/01/15 13:59:30 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/15 11:16:21 | 000,008,987 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\1273fa69
[2012/01/15 11:16:21 | 000,008,949 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cc17aff5
[2012/01/15 11:16:21 | 000,008,886 | ---- | M] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\1fb013d
[2012/01/13 07:58:42 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 07:58:42 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 11:57:13 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/08 11:44:01 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 11:41:03 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2012/01/08 11:26:59 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/01/01 22:53:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/01 16:04:48 | 000,007,204 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/30 09:39:58 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 07:51:24 | 000,088,168 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/30 07:38:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:29:51 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/12/24 11:05:34 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/12/24 09:05:16 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\Microsoft Office Word 2003.lnk
[1 C:\Documents and Settings\Sherman\*.tmp files -> C:\Documents and Settings\Sherman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 10:09:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/21 10:09:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 20:57:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 13:59:30 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/15 00:10:09 | 000,008,987 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\1273fa69
[2012/01/15 00:10:09 | 000,008,886 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\1fb013d
[2012/01/15 00:00:36 | 000,008,977 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3ec07787
[2012/01/15 00:00:36 | 000,008,958 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\606cc6db
[2012/01/14 23:55:58 | 000,008,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cc17aff5
[2011/12/30 07:38:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:30:17 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 07:30:17 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/30 07:30:17 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/08/22 05:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/22 05:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/06 22:28:47 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 14:25:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\fusioncache.dat
[2011/04/09 10:32:21 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/09 10:32:21 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/08/23 21:59:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 05:13:46 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/21 11:43:53 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdrpman.sys_backup
[2010/08/15 23:49:48 | 000,612,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 13:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Files
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock Kit
[2010/05/16 10:15:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdx.DAT
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Scripts Menu
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Sampler Instruments
[2010/05/16 10:13:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeq.DAT
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Instruments
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rule Actions
[2010/05/16 10:03:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock
[2010/05/16 10:02:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/14 13:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 13:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 13:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 13:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/01/18 09:13:44 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/06/19 00:59:57 | 000,088,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/27 20:20:39 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2009/02/27 20:20:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2009/01/24 08:31:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/27 22:03:29 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2008/08/14 18:02:04 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/08/14 18:02:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2008/01/05 17:05:42 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/12 17:13:20 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/11/04 14:35:43 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\059D3663D1.sys
[2007/10/06 13:37:41 | 000,000,425 | ---- | C] () -- C:\WINDOWS\dmwd.ini
[2007/09/16 10:48:36 | 000,007,204 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/16 10:48:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\898D76B5CB.sys
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/11/27 21:59:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/10/21 16:24:33 | 000,117,120 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/10/21 16:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/18 20:11:46 | 000,000,315 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/05/05 15:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/20 22:27:05 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/04/16 21:32:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2006/04/06 10:11:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/31 23:42:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/03/11 10:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/03/09 23:49:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/09 23:49:25 | 000,002,956 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/05 22:22:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/02/05 20:09:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/12/10 21:03:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/23 20:55:55 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/11/23 20:54:05 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/11/23 20:53:56 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2005/11/23 20:53:46 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2005/11/23 20:50:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2005/11/23 20:42:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2005/11/23 20:38:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/11/05 10:02:02 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/09/05 13:55:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/21 13:42:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 11:59:55 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005/07/30 11:21:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/07/27 09:25:25 | 000,036,660 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/26 00:32:58 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/07/25 20:05:05 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/07/25 20:02:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/17 06:15:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/17 06:08:36 | 000,001,944 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/17 06:03:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/17 06:01:07 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/07/17 06:01:06 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/07/17 06:01:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:48 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/07/17 06:00:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/07/17 06:00:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/07/17 06:00:47 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/07/17 06:00:47 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/07/17 06:00:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/07/17 06:00:47 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/07/17 06:00:27 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/07/17 05:40:04 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/07/17 05:40:04 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/07/17 05:40:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/07/17 05:39:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/17 05:39:24 | 000,000,377 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/03 19:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 19:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/19 13:20:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 13:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 12:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 12:57:07 | 003,720,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 12:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 12:49:47 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 12:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 12:49:47 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 12:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 12:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 12:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 12:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 12:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 12:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 12:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 12:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/10/06 10:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 15:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 15:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 15:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/12/11 20:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/07/24 13:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/20 21:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2008/01/27 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2006/07/04 10:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/03/12 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2009/08/02 23:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/12/28 13:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2011/04/09 10:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/04/14 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2008/05/24 00:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2008/06/23 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetgearLANUpdate
[2010/05/16 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/05/16 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\People
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2010/05/16 10:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/08/25 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/16 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
[2010/08/21 11:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/21 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2007/12/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/01/27 20:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/17 09:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2009/03/19 23:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/04 07:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/28 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Genie-soft
[2008/04/14 19:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\JCreator
[2008/05/31 14:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Memeo
[2005/08/13 10:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Otto
[2011/02/21 14:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\PriceGong
[2007/07/11 20:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Snapfish
[2007/01/29 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Viewpoint
[2007/03/01 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Viewpoint
[2008/12/28 13:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Genie-soft
[2008/05/25 18:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Memeo
[2011/03/13 16:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\TigerPlayer
[2012/01/03 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Unity
[2007/01/28 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Viewpoint
[2010/06/23 20:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2009/01/17 10:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Genie-soft
[2008/05/31 10:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Memeo
[2012/01/22 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\BitComet
[2007/10/04 13:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Canon
[2010/03/20 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/01/23 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\CometPlayer
[2006/12/19 07:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\G-Force
[2009/08/02 23:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GARMIN
[2008/12/28 13:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Genie-soft
[2010/03/13 09:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GlarySoft
[2011/06/17 22:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\HDRsoft
[2011/03/12 15:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\IObit
[2008/04/14 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\JCreator
[2005/07/25 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Leadertech
[2008/07/27 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\LimeWire
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Memeo
[2008/02/29 22:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\NCH Swift Sound
[2010/05/16 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Otto
[2010/08/15 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Publish Providers
[2005/12/10 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Simple Star
[2008/10/06 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SmartDraw
[2008/04/05 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Snapfish
[2010/08/20 06:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Sony
[2006/12/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SoundSpectrum
[2011/05/10 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\TeamViewer
[2008/12/22 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thinstall
[2010/05/21 08:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thunderbird
[2011/01/23 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\tigerplayer
[2007/01/27 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Viewpoint
[2010/12/12 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\WeatherBug
[2012/01/01 22:53:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/22 15:47:43 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/01/22 15:47:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/12/05 19:22:49 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >

Attached Files

OTL.Txt 141.96KB 76 downloads

#4
gitarman

Posted 22 January 2012 - 07:04 PM

Member

Topic Starter
Member
10 posts

Hi,

Ran aswMBR. Attached is the log.

Thanks,
gitarman

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 16:35:06
-----------------------------
16:35:06.609 OS Version: Windows 5.1.2600 Service Pack 3
16:35:06.609 Number of processors: 2 586 0x404
16:35:06.609 ComputerName: UBANGIE UserName:
16:35:07.687 Initialize success
16:36:44.546 AVAST engine defs: 12012201
16:37:02.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:02.046 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
16:37:02.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
16:37:02.062 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
16:37:02.078 Disk 0 MBR read successfully
16:37:02.078 Disk 0 MBR scan
16:37:02.109 Disk 0 MBR:Pihar-C [Rtk]
16:37:02.109 Disk 0 TDL4@MBR code has been found
16:37:02.125 Disk 0 Windows XP default MBR code found via API
16:37:02.125 Disk 0 MBR hidden
16:37:02.140 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:37:02.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
16:37:02.171 Disk 0 MBR [TDL4] **ROOTKIT**
16:37:02.187 Disk 0 trace - called modules:
16:37:02.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xabbf5ff0]<<
16:37:02.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a743ab8]
16:37:02.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x88ac5190]
16:37:02.234 \Driver\00001563[0x88aec760] -> IRP_MJ_CREATE -> 0xabbf5ff0
16:37:03.171 AVAST engine scan C:\WINDOWS
16:37:13.562 AVAST engine scan C:\WINDOWS\system32
16:39:12.875 AVAST engine scan C:\WINDOWS\system32\drivers
16:39:23.718 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
16:39:31.796 AVAST engine scan C:\Documents and Settings\Sherman
16:54:33.734 AVAST engine scan C:\Documents and Settings\All Users
16:57:30.250 Scan finished successfully
17:02:09.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
17:02:09.578 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"

Attached Files

aswMBR.txt 2.18KB 78 downloads

#5
Essexboy

Posted 23 January 2012 - 12:30 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi you have a double infection, both TDL4 and zero access. We will try to get both in one go

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - No CLSID value found.
O3 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qkm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\qkm.exe" -a "%1" %*
[2012/01/15 11:16:21 | 000,008,987 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\1273fa69
[2012/01/15 11:16:21 | 000,008,949 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cc17aff5
[2012/01/15 11:16:21 | 000,008,886 | ---- | M] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\1fb013d
[2012/01/15 00:10:09 | 000,008,987 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\1273fa69
[2012/01/15 00:10:09 | 000,008,886 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\1fb013d
[2012/01/15 00:00:36 | 000,008,977 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3ec07787
[2012/01/15 00:00:36 | 000,008,958 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\606cc6db
[2012/01/14 23:55:58 | 000,008,949 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cc17aff5
[2011/02/21 14:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\PriceGong

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
Allow the installation of the recovery console
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Re-Run aswMBR

Click Scan

On completion of the scanClick the Fix Button

Posted Image

Save the log as before and post in your next reply

#6
gitarman

Posted 23 January 2012 - 02:53 PM

Member

Topic Starter
Member
10 posts

Hi,

Many thanks for promptly addressing my issues! I will give this a try tonight when I get home and will post the results.

Thanks again!

#7
Essexboy

Posted 23 January 2012 - 02:59 PM

GeekU Moderator

Retired Staff
69,964 posts

If you could run them one after the other (allowing for reboots) then fingers crossed it will be just a tidying up to do

#8
gitarman

Posted 24 January 2012 - 12:53 AM

Member

Topic Starter
Member
10 posts

Hi,

I ran OTL - clicked Run Fix then Quick Scan (log is attached).

I then ran ComboFix (log is also attached). The computer is running much better now (booting it up is noticeably quicker and so far, I don't see Norton pop up telling me "System Infected: Tidserv Activity 2").

Finally, I ran aswMBR -- clicked Scan then Fix (log is attached).

Please let me know if you have additional steps for me to perform.

Thanks!

OTL logfile created on: 1/23/2012 7:45:08 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sherman\My Documents\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.22% Memory free
4.84 Gb Paging File | 4.42 Gb Available in Paging File | 91.27% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.97 Gb Total Space | 224.79 Gb Free Space | 75.44% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 602.13 Gb Free Space | 64.64% Space Free | Partition Type: NTFS

Computer Name: UBANGIE | User Name: Gitarman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 13:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\My Documents\OTL\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe
PRC - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/25 05:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) [Auto | Running] -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe -- (NkPtpEnumWT3)
SRV - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 19:43:16 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 19:43:15 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/09/14 22:59:15 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/14 22:59:15 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120120.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/09/14 04:12:08 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/25 23:09:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/21 11:44:02 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/21 11:44:02 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/08/21 11:43:57 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/08/21 11:43:53 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/05/14 14:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/05/14 14:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2010/05/14 14:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 13:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/09 14:31:53 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/01/18 17:02:14 | 000,017,824 | ---- | M] (Nikon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NkVBus.sys -- (VBus)
DRV - [2008/01/17 16:34:34 | 000,418,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WNDA31.sys -- (WNDA3100)
DRV - [2007/11/22 10:21:32 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/09/28 13:09:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/02/05 16:06:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/03/25 13:42:56 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 17:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 19:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 12:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/13 12:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/07/05 08:12:00 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCMU10V4XP.sys -- (BEFCMU10V4XP)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 01:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 01:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 01:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/04 10:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/11/12 23:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/08/18 14:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/11/08 16:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/07/17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/06/13 14:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/11/05 08:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 08:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/10/02 07:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/09 09:59:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/23 19:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 08:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 10:09:19 | 000,000,000 | ---D | M]

[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions
[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/29 09:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions
[2010/09/10 20:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/07 09:50:36 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}
[2011/03/27 10:25:27 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\[email protected]
[2010/10/17 10:31:47 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\web-search.xml
[2008/09/01 07:33:47 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\winamp-search.xml
[2011/05/19 22:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 18:25:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/24 15:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/25 10:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/02 08:02:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/22 22:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/02 08:02:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/02 08:02:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/23 19:25:03 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSO07\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{727D0E8D-82A2-4882-8E33-70AE93682D8B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/23 19:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 15:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\OTL
[2012/01/20 20:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 20:57:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/20 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/15 19:48:14 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 11:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Application Data\SUPERAntiSpyware.com
[2012/01/15 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/15 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/15 11:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/15 10:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\PC Stuff
[2012/01/02 09:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Local Settings\Application Data\PackageAware
[2011/12/30 07:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/30 07:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 07:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/30 07:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/30 07:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2008/08/14 18:02:05 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2006/02/05 15:50:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/07/17 06:00:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/07/17 06:00:46 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\Documents and Settings\Sherman\*.tmp files -> C:\Documents and Settings\Sherman\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 19:41:05 | 000,007,330 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/23 19:40:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/23 19:40:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/23 19:40:06 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/23 19:40:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/01/23 19:39:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/23 19:38:42 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/23 19:38:42 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/23 19:38:42 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/23 19:38:42 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/23 19:38:42 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/01/23 19:38:42 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/01/23 19:38:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/23 19:38:42 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/23 19:33:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/23 19:25:03 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/23 19:21:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006UA.job
[2012/01/22 20:10:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/22 17:36:10 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Sherman\default.pls
[2012/01/22 17:36:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/22 17:32:17 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2012/01/22 15:47:39 | 003,720,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 10:09:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 22:21:42 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006Core.job
[2012/01/20 20:57:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 02:33:06 | 004,932,601 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF
[2012/01/17 02:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-UBANGIE-Sherman.job
[2012/01/15 19:48:23 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 19:29:30 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/01/15 13:59:30 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/13 07:58:42 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 07:58:42 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 11:44:01 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 11:41:03 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2012/01/08 11:26:59 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/01/01 22:53:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/01 16:04:48 | 000,007,204 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/30 09:39:58 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 07:51:24 | 000,088,168 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/30 07:38:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:29:51 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[1 C:\Documents and Settings\Sherman\*.tmp files -> C:\Documents and Settings\Sherman\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 10:09:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/21 10:09:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 20:57:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 13:59:30 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/30 07:38:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:30:17 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 07:30:17 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/30 07:30:17 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/08/22 05:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/22 05:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/06 22:28:47 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 14:25:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\fusioncache.dat
[2011/04/09 10:32:21 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/09 10:32:21 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/08/23 21:59:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 05:13:46 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/21 11:43:53 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdrpman.sys_backup
[2010/08/15 23:49:48 | 000,612,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 13:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Files
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock Kit
[2010/05/16 10:15:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdx.DAT
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Scripts Menu
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Sampler Instruments
[2010/05/16 10:13:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeq.DAT
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Instruments
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rule Actions
[2010/05/16 10:03:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock
[2010/05/16 10:02:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/14 13:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 13:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 13:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 13:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/01/18 09:13:44 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/06/19 00:59:57 | 000,088,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/27 20:20:39 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2009/02/27 20:20:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2009/01/24 08:31:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/27 22:03:29 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2008/08/14 18:02:04 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/08/14 18:02:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2008/01/05 17:05:42 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/12 17:13:20 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/11/04 14:35:43 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\059D3663D1.sys
[2007/10/06 13:37:41 | 000,000,425 | ---- | C] () -- C:\WINDOWS\dmwd.ini
[2007/09/16 10:48:36 | 000,007,204 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/16 10:48:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\898D76B5CB.sys
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/11/27 21:59:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/10/21 16:24:33 | 000,117,120 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/10/21 16:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/18 20:11:46 | 000,000,315 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/05/05 15:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/20 22:27:05 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/04/16 21:32:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2006/04/06 10:11:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/31 23:42:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/03/11 10:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/03/09 23:49:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/09 23:49:25 | 000,002,956 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/05 22:22:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/02/05 20:09:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/12/10 21:03:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/23 20:55:55 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/11/23 20:54:05 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/11/23 20:53:56 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2005/11/23 20:53:46 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2005/11/23 20:50:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2005/11/23 20:42:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2005/11/23 20:38:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/11/05 10:02:02 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/09/05 13:55:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/21 13:42:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 11:59:55 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005/07/30 11:21:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/07/27 09:25:25 | 000,036,660 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/26 00:32:58 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/07/25 20:05:05 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/07/25 20:02:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/17 06:15:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/17 06:08:36 | 000,001,944 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/17 06:03:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/17 06:01:07 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/07/17 06:01:06 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/07/17 06:01:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:48 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/07/17 06:00:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/07/17 06:00:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/07/17 06:00:47 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/07/17 06:00:47 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/07/17 06:00:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/07/17 06:00:47 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/07/17 06:00:27 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/07/17 05:40:04 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/07/17 05:40:04 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/07/17 05:40:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/07/17 05:39:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/17 05:39:24 | 000,000,377 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/03 19:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 19:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/19 13:20:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 13:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 12:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 12:57:07 | 003,720,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 12:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 12:49:47 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 12:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 12:49:47 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 12:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 12:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 12:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 12:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 12:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 12:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 12:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 12:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/10/06 10:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 15:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 15:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 15:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/12/11 20:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/07/24 13:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/20 21:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2008/01/27 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2006/07/04 10:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/03/12 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2009/08/02 23:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/12/28 13:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2011/04/09 10:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/04/14 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2008/05/24 00:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2008/06/23 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetgearLANUpdate
[2010/05/16 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/05/16 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\People
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2010/05/16 10:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/08/25 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/16 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
[2010/08/21 11:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/21 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2007/12/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/01/27 20:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/17 09:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2009/03/19 23:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/04 07:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/22 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\BitComet
[2007/10/04 13:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Canon
[2010/03/20 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/01/23 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\CometPlayer
[2006/12/19 07:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\G-Force
[2009/08/02 23:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GARMIN
[2008/12/28 13:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Genie-soft
[2010/03/13 09:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GlarySoft
[2011/06/17 22:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\HDRsoft
[2011/03/12 15:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\IObit
[2008/04/14 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\JCreator
[2005/07/25 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Leadertech
[2008/07/27 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\LimeWire
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Memeo
[2008/02/29 22:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\NCH Swift Sound
[2010/05/16 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Otto
[2010/08/15 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Publish Providers
[2005/12/10 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Simple Star
[2008/10/06 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SmartDraw
[2008/04/05 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Snapfish
[2010/08/20 06:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Sony
[2006/12/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SoundSpectrum
[2011/05/10 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\TeamViewer
[2008/12/22 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thinstall
[2010/05/21 08:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thunderbird
[2011/01/23 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\tigerplayer
[2007/01/27 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Viewpoint
[2010/12/12 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\WeatherBug
[2012/01/01 22:53:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/23 19:40:06 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/01/23 19:40:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========

< End of report >

Attached Files

OTL.Txt 117.33KB 61 downloads
ComboFix.txt 26.23KB 82 downloads
aswMBR.txt 4.86KB 75 downloads

#9
Essexboy

Posted 24 January 2012 - 02:11 PM

GeekU Moderator

Retired Staff
69,964 posts

ComboFix 12-01-23.02 - Gitarman 01/23/2012 20:44:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1568 [GMT -8:00]
Running from: c:\documents and settings\Sherman\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mee-Kyung\Application Data\Mozilla\Firefox\Profiles\r3j8yc2l.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}
c:\documents and settings\Mee-Kyung\Application Data\Mozilla\Firefox\Profiles\r3j8yc2l.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome.manifest
c:\documents and settings\Mee-Kyung\Application Data\Mozilla\Firefox\Profiles\r3j8yc2l.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome\xulcache.jar
c:\documents and settings\Mee-Kyung\Application Data\Mozilla\Firefox\Profiles\r3j8yc2l.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\defaults\preferences\xulcache.js
c:\documents and settings\Mee-Kyung\Application Data\Mozilla\Firefox\Profiles\r3j8yc2l.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\install.rdf
c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\at45k5fa.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}
c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\at45k5fa.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome.manifest
c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\at45k5fa.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome\xulcache.jar
c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\at45k5fa.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\defaults\preferences\xulcache.js
c:\documents and settings\Rich\Application Data\Mozilla\Firefox\Profiles\at45k5fa.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\install.rdf
c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}
c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome.manifest
c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\chrome\xulcache.jar
c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\defaults\preferences\xulcache.js
c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{3e5cb8ed-d477-468f-bc46-8b0a710ba2b5}\install.rdf
c:\documents and settings\Sherman\gachmdvdvu.tmp
c:\documents and settings\Sherman\GoToAssistDownloadHelper.exe
c:\documents and settings\Sherman\System
c:\documents and settings\Sherman\System\win_qs8.jqx
c:\documents and settings\Sherman\WINDOWS
c:\windows\$NtUninstallKB30644$\2374614919
c:\windows\$NtUninstallKB30644$\3804665202\@
c:\windows\$NtUninstallKB30644$\3804665202\bckfg.tmp
c:\windows\$NtUninstallKB30644$\3804665202\cfg.ini
c:\windows\$NtUninstallKB30644$\3804665202\Desktop.ini
c:\windows\$NtUninstallKB30644$\3804665202\keywords
c:\windows\$NtUninstallKB30644$\3804665202\kwrd.dll
c:\windows\$NtUninstallKB30644$\3804665202\L\myamqqou
c:\windows\$NtUninstallKB30644$\3804665202\lsflt7.ver
c:\windows\$NtUninstallKB30644$\3804665202\U\00000001.@
c:\windows\$NtUninstallKB30644$\3804665202\U\00000002.@
c:\windows\$NtUninstallKB30644$\3804665202\U\00000004.@
c:\windows\$NtUninstallKB30644$\3804665202\U\80000000.@
c:\windows\$NtUninstallKB30644$\3804665202\U\80000004.@
c:\windows\$NtUninstallKB30644$\3804665202\U\80000032.@
c:\windows\system\Color
c:\windows\system32\logs
c:\windows\$NtUninstallKB30644$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 03:24 . 2012-01-24 03:24 -------- d-----w- C:\_OTL
2012-01-21 04:57 . 2012-01-21 04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 04:57 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 19:35 . 2012-01-15 19:35 -------- d-----w- c:\documents and settings\Sherman\Application Data\SUPERAntiSpyware.com
2012-01-15 19:34 . 2012-01-15 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-15 19:34 . 2012-01-15 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-04 01:01 . 2012-01-04 01:01 -------- d-----w- c:\documents and settings\Mee-Kyung\Application Data\Unity
2012-01-04 00:55 . 2012-01-04 00:55 -------- d-----w- c:\documents and settings\Mee-Kyung\Local Settings\Application Data\Unity
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 17:19 . 2012-01-02 17:19 -------- d-----w- c:\documents and settings\Sherman\Local Settings\Application Data\PackageAware
2012-01-02 16:02 . 2012-01-02 16:02 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 16:02 . 2012-01-02 16:02 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 16:02 . 2012-01-02 16:02 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 16:02 . 2012-01-02 16:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 15:37 . 2011-12-30 15:38 -------- d-----w- c:\program files\iTunes
2011-12-30 15:30 . 2011-12-30 15:30 -------- d-----w- c:\program files\Safari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-19 20:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-19 20:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-19 20:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-19 20:49 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-19 20:49 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-19 20:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-02-05 23:50 . 2006-02-05 23:50 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-01-02 16:02 . 2011-10-05 04:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-12 4583424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\documents and settings\Mee-Kyung\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sherman^Start Menu^Programs^Startup^Memeo AutoBackup Premium Launcher.lnk]
backup=c:\windows\pss\Memeo AutoBackup Premium Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 08:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 19:17 133104 -----tw- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 -c----w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanUpdate]
2008-01-16 18:03 77824 -c----w- c:\program files\Netgear Update Assistant\LANUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 15:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
2004-02-03 22:13 49152 -c--a-w- c:\progra~1\Pinnacle\PPE\PPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-04 19:56 187496 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-17 04:16 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"MyGarminAgent"=c:\program files\Garmin\MyGarminAgent.exe
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
"IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"UpdReg"=c:\windows\UpdReg.EXE
"AcronisTimounterMonitor"=c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"DiscWizardMonitor.exe"=c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"CTHelper"=CTHELPER.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Sherman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Sherman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10363:TCP"= 10363:TCP:BitComet 10363 TCP
"10363:UDP"= 10363:UDP:BitComet 10363 UDP
"21400:TCP"= 21400:TCP:BitComet 21400 TCP
"21400:UDP"= 21400:UDP:BitComet 21400 UDP
"24607:TCP"= 24607:TCP:BitComet 24607 TCP
"24607:UDP"= 24607:UDP:BitComet 24607 UDP
"22199:TCP"= 22199:TCP:BitComet 22199 TCP
"22199:UDP"= 22199:UDP:BitComet 22199 UDP
"9792:TCP"= 9792:TCP:BitComet 9792 TCP
"9792:UDP"= 9792:UDP:BitComet 9792 UDP
"26840:TCP"= 26840:TCP:BitComet 26840 TCP
"26840:UDP"= 26840:UDP:BitComet 26840 UDP
"20885:TCP"= 20885:TCP:BitComet 20885 TCP
"20885:UDP"= 20885:UDP:BitComet 20885 UDP
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/9/2011 10:32 AM 13496]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [7/30/2005 11:21 AM 6097]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [5/25/2011 11:08 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [5/25/2011 11:08 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [5/25/2011 11:08 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2012 8:57 PM 652872]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [5/25/2011 11:08 PM 130008]
R2 NkPtpEnumWT3;NkPtpEnumWT3;c:\program files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe [1/18/2008 5:02 PM 69632]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 6:56 PM 431384]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 1:58 PM 20704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 7:43 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/20/2012 12:38 PM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/20/2012 8:57 PM 20464]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [1/18/2008 5:02 PM 17824]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 7:39 PM 135664]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2/27/2009 8:20 PM 17432]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/28/2008 4:45 PM 16512]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2/4/2006 10:43 PM 14336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 7:39 PM 135664]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [7/30/2005 11:21 AM 299923]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [1/17/2008 4:34 PM 418304]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-UBANGIE-Sherman.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 08:25]
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-01-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\GU pro\Glary Utilities\initialize.exe [2010-07-24 16:26]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 03:39]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 03:39]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006Core.job
- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 19:17]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006UA.job
- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 19:17]
.
2012-01-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MSO07\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Voice Editing Launcher - c:\program files\Panasonic\Voice Editing\VEd1_IEMenu.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Corel File Shell Monitor - c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E81CD6BD-C080-651F-A813-60EED773A79A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaknbapammmabddndo"=hex:6a,61,6d,6d,6e,63,63,6a,68,62,64,69,70,67,6e,66,6a,6c,
6f,6d,00,01
"haemhafniimlfjln"=hex:6a,61,6c,6d,65,62,62,70,68,6a,67,6d,6e,6b,63,6d,6c,6e,
64,65,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\WININET.dll
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-23 21:15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 05:15
.
Pre-Run: 241,044,631,552 bytes free
Post-Run: 241,139,384,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4CCBC4C3879AE5A26BDDDEC5EE73E4B7

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 16:35:06
-----------------------------
16:35:06.609 OS Version: Windows 5.1.2600 Service Pack 3
16:35:06.609 Number of processors: 2 586 0x404
16:35:06.609 ComputerName: UBANGIE UserName:
16:35:07.687 Initialize success
16:36:44.546 AVAST engine defs: 12012201
16:37:02.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:37:02.046 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
16:37:02.062 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
16:37:02.062 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
16:37:02.078 Disk 0 MBR read successfully
16:37:02.078 Disk 0 MBR scan
16:37:02.109 Disk 0 MBR:Pihar-C [Rtk]
16:37:02.109 Disk 0 TDL4@MBR code has been found
16:37:02.125 Disk 0 Windows XP default MBR code found via API
16:37:02.125 Disk 0 MBR hidden
16:37:02.140 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
16:37:02.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
16:37:02.171 Disk 0 MBR [TDL4] **ROOTKIT**
16:37:02.187 Disk 0 trace - called modules:
16:37:02.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xabbf5ff0]<<
16:37:02.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a743ab8]
16:37:02.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x88ac5190]
16:37:02.234 \Driver\00001563[0x88aec760] -> IRP_MJ_CREATE -> 0xabbf5ff0
16:37:03.171 AVAST engine scan C:\WINDOWS
16:37:13.562 AVAST engine scan C:\WINDOWS\system32
16:39:12.875 AVAST engine scan C:\WINDOWS\system32\drivers
16:39:23.718 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
16:39:31.796 AVAST engine scan C:\Documents and Settings\Sherman
16:54:33.734 AVAST engine scan C:\Documents and Settings\All Users
16:57:30.250 Scan finished successfully
17:02:09.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
17:02:09.578 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 21:18:23
-----------------------------
21:18:23.796 OS Version: Windows 5.1.2600 Service Pack 3
21:18:23.796 Number of processors: 2 586 0x404
21:18:23.796 ComputerName: UBANGIE UserName:
21:18:25.171 Initialize success
21:37:34.828 AVAST engine defs: 12012301
21:52:22.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:52:22.890 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
21:52:22.906 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
21:52:22.906 Disk 1 Vendor: ST310005 CC3E Size: 953869MB BusType: 3
21:52:22.906 Disk 0 MBR read successfully
21:52:22.921 Disk 0 MBR scan
21:52:23.000 Disk 0 MBR:Pihar-C [Rtk]
21:52:23.015 Disk 0 TDL4@MBR code has been found
21:52:23.015 Disk 0 Windows XP default MBR code found via API
21:52:23.031 Disk 0 MBR hidden
21:52:23.031 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
21:52:23.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
21:52:23.078 Disk 0 MBR [TDL4] **ROOTKIT**
21:52:23.078 Disk 0 trace - called modules:
21:52:23.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x894be49f]<<
21:52:23.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a745ab8]
21:52:23.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8959af18]
21:52:23.125 \Driver\iastor[0x8960c030] -> IRP_MJ_CREATE -> 0x894be49f
21:52:24.984 AVAST engine scan C:\WINDOWS
21:52:34.484 AVAST engine scan C:\WINDOWS\system32
21:54:31.781 AVAST engine scan C:\WINDOWS\system32\drivers
21:54:38.953 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Smadow [Rtk]
21:54:46.875 AVAST engine scan C:\Documents and Settings\Sherman
22:06:43.828 AVAST engine scan C:\Documents and Settings\All Users
22:10:15.359 Scan finished successfully
22:36:00.093 Disk 0 MBR read successfully
22:36:00.109 Disk 0 MBR:Pihar-C [Rtk]
22:36:00.109 Disk 0 TDL4@MBR code has been found
22:36:00.125 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63
22:36:00.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305125 MB offset 80325
22:36:00.171 Disk 0 fixing MBR ...
22:36:00.187 Disk 0 MBR restored successfully
22:36:00.203 Verifying disinfection
22:36:10.250 Infection fixed successfully - please reboot ASAP
22:36:33.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\MBR.dat"
22:36:33.281 The log file has been saved successfully to "C:\Documents and Settings\Sherman\My Documents\OTL\aswMBR.txt"

#10
Essexboy

Posted 24 January 2012 - 02:15 PM

GeekU Moderator

Retired Staff
69,964 posts

One stubborn one to remove - Could you let me know of any outstanding problems once these runs are complete

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB30644$

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#11
gitarman

Posted 24 January 2012 - 11:20 PM

Member

Topic Starter
Member
10 posts

Hi,

Here's the log after running ComboFix:

ComboFix 12-01-23.02 - Gitarman 01/24/2012 20:23:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -8:00]
Running from: c:\documents and settings\Sherman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sherman\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB30644$
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 04:24 . 2012-01-25 04:24 -------- d-----w- c:\windows\LastGood
2012-01-25 03:19 . 2011-03-31 03:04 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-01-24 03:24 . 2012-01-24 03:24 -------- d-----w- C:\_OTL
2012-01-21 04:57 . 2012-01-21 04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-21 04:57 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-15 19:35 . 2012-01-15 19:35 -------- d-----w- c:\documents and settings\Sherman\Application Data\SUPERAntiSpyware.com
2012-01-15 19:34 . 2012-01-15 19:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-15 19:34 . 2012-01-15 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-04 01:01 . 2012-01-04 01:01 -------- d-----w- c:\documents and settings\Mee-Kyung\Application Data\Unity
2012-01-04 00:55 . 2012-01-04 00:55 -------- d-----w- c:\documents and settings\Mee-Kyung\Local Settings\Application Data\Unity
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 17:19 . 2012-01-02 17:19 -------- d-----w- c:\documents and settings\Sherman\Local Settings\Application Data\PackageAware
2012-01-02 16:02 . 2012-01-02 16:02 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 16:02 . 2012-01-02 16:02 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 16:02 . 2012-01-02 16:02 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 16:02 . 2012-01-02 16:02 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 15:37 . 2011-12-30 15:38 -------- d-----w- c:\program files\iTunes
2011-12-30 15:30 . 2011-12-30 15:30 -------- d-----w- c:\program files\Safari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-19 20:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-19 20:49 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-19 20:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-19 20:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-19 20:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-19 20:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-19 20:49 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-19 20:49 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-19 20:49 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-19 20:49 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-19 20:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-02-05 23:50 . 2006-02-05 23:50 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-01-02 16:02 . 2011-10-05 04:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-24_05.06.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-25 04:26 . 2012-01-25 04:26 16384 c:\windows\Temp\Perflib_Perfdata_8c8.dat
+ 2012-01-25 04:22 . 2012-01-25 04:22 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2010-08-15 02:43 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2010-08-15 02:43 . 2010-12-21 19:36 17272 c:\windows\system32\spmsg.dll
+ 2004-08-19 20:49 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
- 2004-08-19 20:49 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2004-08-19 20:49 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2004-08-19 20:49 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2004-08-19 20:49 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
- 2012-01-11 19:47 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\spcustom.dll
- 2012-01-11 19:47 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spmsg.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\spcustom.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spmsg.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\spcustom.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spmsg.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\spcustom.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spmsg.dll
- 2004-08-19 20:49 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2004-08-19 20:49 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2010-06-18 17:45 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2012-01-11 19:47 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\updspapi.dll
- 2012-01-11 19:47 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\update\update.exe
- 2012-01-11 19:47 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\aed4d56139363b579c1082a39bd5dcdd\spuninst.exe
- 2012-01-11 19:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\updspapi.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\update\update.exe
- 2012-01-11 19:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501\spuninst.exe
- 2012-01-11 19:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\updspapi.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\update\update.exe
- 2012-01-11 19:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\spuninst.exe
- 2012-01-11 19:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\updspapi.dll
- 2012-01-11 19:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\update\update.exe
- 2012-01-11 19:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\0a47b0a335f7de65c0ff4dcc7f2debf1\spuninst.exe
+ 2005-08-05 20:06 . 2011-11-02 17:25 107008 c:\windows\ehome\mstvcapn.dll
+ 2008-05-07 05:12 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-12 4583424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\documents and settings\Mee-Kyung\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sherman^Start Menu^Programs^Startup^Memeo AutoBackup Premium Launcher.lnk]
backup=c:\windows\pss\Memeo AutoBackup Premium Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 08:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 19:17 133104 -----tw- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 -c----w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanUpdate]
2008-01-16 18:03 77824 -c----w- c:\program files\Netgear Update Assistant\LANUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 15:27 570664 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI]
2004-02-03 22:13 49152 -c--a-w- c:\progra~1\Pinnacle\PPE\PPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-04 19:56 187496 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-17 04:16 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"MyGarminAgent"=c:\program files\Garmin\MyGarminAgent.exe
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
"IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"UpdReg"=c:\windows\UpdReg.EXE
"AcronisTimounterMonitor"=c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"DiscWizardMonitor.exe"=c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"CTHelper"=CTHELPER.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Sherman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Sherman\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10363:TCP"= 10363:TCP:BitComet 10363 TCP
"10363:UDP"= 10363:UDP:BitComet 10363 UDP
"21400:TCP"= 21400:TCP:BitComet 21400 TCP
"21400:UDP"= 21400:UDP:BitComet 21400 UDP
"24607:TCP"= 24607:TCP:BitComet 24607 TCP
"24607:UDP"= 24607:UDP:BitComet 24607 UDP
"22199:TCP"= 22199:TCP:BitComet 22199 TCP
"22199:UDP"= 22199:UDP:BitComet 22199 UDP
"9792:TCP"= 9792:TCP:BitComet 9792 TCP
"9792:UDP"= 9792:UDP:BitComet 9792 UDP
"26840:TCP"= 26840:TCP:BitComet 26840 TCP
"26840:UDP"= 26840:UDP:BitComet 26840 UDP
"20885:TCP"= 20885:TCP:BitComet 20885 TCP
"20885:UDP"= 20885:UDP:BitComet 20885 UDP
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/9/2011 10:32 AM 13496]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [7/30/2005 11:21 AM 6097]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\symds.sys [5/25/2011 11:08 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\symefa.sys [5/25/2011 11:08 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys [1/23/2012 10:40 PM 820344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\ironx86.sys [5/25/2011 11:08 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/20/2012 8:57 PM 652872]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [5/25/2011 11:08 PM 130008]
R2 NkPtpEnumWT3;NkPtpEnumWT3;c:\program files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe [1/18/2008 5:02 PM 69632]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 6:56 PM 431384]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 1:58 PM 20704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 7:43 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120124.002\IDSXpx86.sys [8/10/2011 10:56 AM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/20/2012 8:57 PM 20464]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [1/18/2008 5:02 PM 17824]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 7:39 PM 135664]
S2 IcRecUsb;IC Recorder Driver;c:\windows\system32\drivers\IcRecUsb.sys [2/27/2009 8:20 PM 17432]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [3/28/2008 4:45 PM 16512]
S3 BEFCMU10V4XP;Linksys BEFCMU10 ver. 4 Cable Modem;c:\windows\system32\drivers\BEFCMU10V4XP.sys [2/4/2006 10:43 PM 14336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 11:10 AM 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 7:39 PM 135664]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [7/30/2005 11:21 AM 299923]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [1/17/2008 4:34 PM 418304]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-UBANGIE-Sherman.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-07-29 08:25]
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-01-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\GU pro\Glary Utilities\initialize.exe [2010-07-24 16:26]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 03:39]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 03:39]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006Core.job
- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 19:17]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006UA.job
- c:\documents and settings\Sherman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 19:17]
.
2012-01-25 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/m/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MSO07\Office12\EXCEL.EXE/3000
IE: Voice Editing Launcher - c:\program files\Panasonic\Voice Editing\VEd1_IEMenu.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-dplaysvr - c:\documents and settings\Sherman\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 20:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E81CD6BD-C080-651F-A813-60EED773A79A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaknbapammmabddndo"=hex:6a,61,6d,6d,6e,63,63,6a,68,62,64,69,70,67,6e,66,6a,6c,
6f,6d,00,01
"haemhafniimlfjln"=hex:6a,61,6c,6d,65,62,62,70,68,6a,67,6d,6e,6b,63,6d,6c,6e,
64,65,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1372)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1436)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-01-24 20:35:04
ComboFix-quarantined-files.txt 2012-01-25 04:35
ComboFix2.txt 2012-01-24 05:15
.
Pre-Run: 247,706,476,544 bytes free
Post-Run: 247,959,420,928 bytes free
.
- - End Of File - - C0FB25906809DCE022E12D8422DEFB15

I ran MBAM and it found no malicious items. Here's the log that opened automatically in Notepad immediately after MBAM completed the Quick Scan:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gitarman :: UBANGIE [administrator]

1/24/2012 8:43:23 PM
mbam-log-2012-01-24 (20-43-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249686
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here's the log created by MBAM which I viewed by clicking the Logs tab in MBAM:

2012/01/24 14:50:57 -0800 UBANGIE Mee-Kyung MESSAGE Executing scheduled update: Daily
2012/01/24 14:51:13 -0800 UBANGIE Mee-Kyung MESSAGE Scheduled update executed successfully: database updated from version v2012.01.24.02 to version v2012.01.24.05
2012/01/24 14:51:24 -0800 UBANGIE Mee-Kyung MESSAGE Starting protection
2012/01/24 14:51:34 -0800 UBANGIE Mee-Kyung MESSAGE Protection started successfully
2012/01/24 14:51:37 -0800 UBANGIE Mee-Kyung MESSAGE Starting IP protection
2012/01/24 14:51:38 -0800 UBANGIE Mee-Kyung MESSAGE IP Protection started successfully
2012/01/24 14:51:38 -0800 UBANGIE Mee-Kyung MESSAGE Starting database refresh
2012/01/24 14:51:38 -0800 UBANGIE Mee-Kyung MESSAGE Stopping IP protection
2012/01/24 14:51:38 -0800 UBANGIE Mee-Kyung MESSAGE IP Protection stopped
2012/01/24 14:51:46 -0800 UBANGIE Mee-Kyung MESSAGE Database refreshed successfully
2012/01/24 14:51:46 -0800 UBANGIE Mee-Kyung MESSAGE Starting IP protection
2012/01/24 14:51:48 -0800 UBANGIE Mee-Kyung MESSAGE IP Protection started successfully
2012/01/24 14:52:14 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:15 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:18 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:18 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:24 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:54 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:54 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:57 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:52:57 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:03 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:03 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:27 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:27 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:29 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:29 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:30 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:30 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:32 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:32 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:36 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:36 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:38 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:53:38 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:54:22 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:54:26 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:54:32 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:56:54 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:56:57 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:21 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:21 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:24 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:24 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:30 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 14:57:30 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:45:19 -0800 UBANGIE Mee-Kyung MESSAGE Starting protection
2012/01/24 18:45:31 -0800 UBANGIE Mee-Kyung MESSAGE Protection started successfully
2012/01/24 18:45:34 -0800 UBANGIE Mee-Kyung MESSAGE Starting IP protection
2012/01/24 18:45:35 -0800 UBANGIE Mee-Kyung MESSAGE IP Protection started successfully
2012/01/24 18:45:51 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:45:51 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:45:54 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:45:54 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:46:00 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:46:00 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:47:21 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:47:21 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:47:24 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:47:24 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:33 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:34 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:36 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:36 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:42 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:42 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:57 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:48:58 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:49:00 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:49:01 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:49:06 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:49:07 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:31 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:31 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:34 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:34 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:40 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 18:54:40 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:44 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:44 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:47 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:47 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:53 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:03:53 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:27 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:27 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:29 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:30 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:35 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:04:36 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:25 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:25 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:28 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:28 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:34 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:34 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:46 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:49 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:06:55 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:43 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:43 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:46 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:46 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:52 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:12:52 -0800 UBANGIE Mee-Kyung IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:04 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:05 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:07 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:08 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:13 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)
2012/01/24 19:14:14 -0800 UBANGIE Gitarman IP-BLOCK 94.63.240.121 (Type: outgoing)

System seems to be running smoothly, so far. After I turned back on my Norton Security Suite, I'm no longer getting the popup with "System Infected: Tidserv Activity 2". Does that mean all is fine now? Please let me know if I need to do anything else or if we're now done.

Thanks a million!

#12
gitarman

Posted 24 January 2012 - 11:43 PM

Member

Topic Starter
Member
10 posts

I forgot to mention that I seem to be having problems going to Google on both Firefox and IE (started noticing this earlier today). This must have started after I ran the ComboFix last night. I can go to any other websites though. Have any idea what's causing this?

Thanks.

#13
Essexboy

Posted 25 January 2012 - 01:34 PM

GeekU Moderator

Retired Staff
69,964 posts

What sort of problems - are they redirects or just unable to get there ?

Run OTL.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#14
gitarman

Posted 25 January 2012 - 08:39 PM

Member

Topic Starter
Member
10 posts

Hi,

It tries to connect but times out and displays:

The connection has timed out

The server at www.google.com is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web.

I ran OTL and here's the OTL.txt log:
OTL logfile created on: 1/25/2012 6:27:42 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Sherman\My Documents\OTL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.47% Memory free
4.84 Gb Paging File | 4.30 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): C:\pagefile.sys 3069 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.97 Gb Total Space | 230.87 Gb Free Space | 77.48% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 602.14 Gb Free Space | 64.64% Space Free | Partition Type: NTFS

Computer Name: UBANGIE | User Name: Gitarman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 13:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sherman\My Documents\OTL\OTL.exe
PRC - [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe
PRC - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/25 05:50:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/02 08:02:52 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/20 07:29:20 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/24 18:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/01/18 17:02:08 | 000,069,632 | ---- | M] (Nikon Corporation) [Auto | Running] -- C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe -- (NkPtpEnumWT3)
SRV - [2007/11/12 17:19:44 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/03/03 20:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/25 05:49:52 | 000,086,142 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

========== Driver Services (SafeList) ==========

DRV - [2012/01/23 23:57:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120124.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/23 23:57:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120124.008\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 19:43:16 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 19:43:15 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/10 10:56:25 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120124.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/25 23:09:00 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 19:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 19:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0501000.01D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/08/21 11:44:02 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/08/21 11:44:02 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/08/21 11:43:57 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/08/21 11:43:53 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/05/14 14:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/05/14 14:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2010/05/14 14:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 13:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/09 14:31:53 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/01/18 17:02:14 | 000,017,824 | ---- | M] (Nikon Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NkVBus.sys -- (VBus)
DRV - [2008/01/17 16:34:34 | 000,418,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WNDA31.sys -- (WNDA3100)
DRV - [2007/11/22 10:21:32 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/09/28 13:09:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/02/05 16:06:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/03/25 13:42:56 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 17:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/08/06 19:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2004/08/06 12:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/07/13 12:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/07/13 12:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/07/13 12:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/13 12:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/07/13 12:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/07/13 12:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/07/05 08:12:00 | 000,014,336 | R--- | M] (Cisco-Linksys, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BEFCMU10V4XP.sys -- (BEFCMU10V4XP)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 01:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 01:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 01:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/12/04 10:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/11/12 23:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/08/18 14:33:48 | 000,014,564 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCLEPCI.sys -- (PCLEPCI)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/11/08 16:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/07/17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/06/13 14:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/11/05 08:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 08:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys -- (sonyhcb)
DRV - [2001/10/02 07:37:40 | 000,017,432 | ---- | M] (lecs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IcRecUsb.sys -- (IcRecUsb)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]

IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Sherman\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sherman\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/24 20:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/25 18:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 08:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 10:09:19 | 000,000,000 | ---D | M]

[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions
[2010/05/21 08:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/29 09:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions
[2010/09/10 20:30:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 10:25:27 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\extensions\[email protected]
[2010/10/17 10:31:47 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\web-search.xml
[2008/09/01 07:33:47 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\winamp-search.xml
[2011/05/19 22:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/21 18:25:13 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/24 15:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/25 10:10:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/01/02 08:02:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/22 22:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/02 08:02:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/02 08:02:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/23 21:50:48 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.240.121 www.google.com
O1 - Hosts: 94.63.240.122 www.bing.com
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Mee-Kyung\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MSO07\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Voice Editing Launcher - C:\Program Files\Panasonic\Voice Editing\VEd1_IEMenu.html ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{727D0E8D-82A2-4882-8E33-70AE93682D8B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sherman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 19:19:43 | 000,044,024 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2012/01/24 00:06:36 | 002,804,808 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Sherman\My Documents\NPE.exe
[2012/01/23 20:29:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/23 20:24:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/23 20:24:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/23 20:24:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/23 20:24:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/23 20:24:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/23 20:01:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 19:24:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/22 15:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\OTL
[2012/01/20 20:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 20:57:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/20 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/15 19:48:14 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 11:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Application Data\SUPERAntiSpyware.com
[2012/01/15 11:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/15 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/15 11:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/15 10:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\My Documents\PC Stuff
[2012/01/02 09:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sherman\Local Settings\Application Data\PackageAware
[2011/12/30 07:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/30 07:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/30 07:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/30 07:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/30 07:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2008/08/14 18:02:05 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2006/02/05 15:50:41 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/07/17 06:00:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2005/07/17 06:00:46 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2012/01/25 18:33:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 18:25:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/25 18:25:32 | 000,007,330 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/25 18:25:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 18:25:23 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/01/25 18:25:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2012/01/25 18:25:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/25 14:57:38 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/25 14:57:38 | 000,033,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/25 14:57:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/25 14:57:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000003-00001102-00000004-20061102}.rfx
[2012/01/25 14:57:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/01/25 14:57:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/01/25 14:57:38 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/25 14:57:38 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2012/01/24 23:21:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006UA.job
[2012/01/24 23:17:26 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/24 22:45:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/01/24 00:24:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 00:06:37 | 002,804,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Sherman\My Documents\NPE.exe
[2012/01/23 22:21:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2195040411-3469293690-431585837-1006Core.job
[2012/01/23 21:50:48 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/23 21:09:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/23 20:29:21 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/01/22 17:36:10 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Sherman\default.pls
[2012/01/22 17:36:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/22 17:32:17 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/01/22 15:47:39 | 003,720,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/21 10:09:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 20:57:52 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 02:33:06 | 004,932,601 | ---- | M] () -- C:\WINDOWS\{00000005-00000000-00000003-00001102-00000004-20061102}.CDF
[2012/01/17 02:00:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-UBANGIE-Sherman.job
[2012/01/15 19:48:23 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sherman\My Documents\tdsskiller.exe
[2012/01/15 13:59:30 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/13 07:58:42 | 000,445,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/13 07:58:42 | 000,073,004 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 11:44:01 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 11:41:03 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2012/01/08 11:26:59 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2012/01/01 16:04:48 | 000,007,204 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/30 07:51:24 | 000,088,168 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/30 07:38:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:29:51 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

========== Files Created - No Company Name ==========

[2012/01/23 20:29:21 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/01/23 20:29:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/23 20:24:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/23 20:24:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/23 20:24:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/23 20:24:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/23 20:24:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/21 10:09:19 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/21 10:09:19 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/20 20:57:52 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/20 20:57:52 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/15 13:59:30 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\Sherman\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/30 07:38:43 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/30 07:30:17 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Sherman\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/30 07:30:17 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/30 07:30:17 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/08/22 05:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/22 05:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/06 22:28:47 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/06 14:25:24 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Sherman\Local Settings\Application Data\fusioncache.dat
[2011/04/09 10:32:21 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/04/09 10:32:21 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/08/23 21:59:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 05:13:46 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/21 11:43:53 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\tdrpman.sys_backup
[2010/08/15 23:49:48 | 000,612,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/16 13:40:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Files
[2010/05/16 10:15:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock Kit
[2010/05/16 10:15:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdx.DAT
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Scripts Menu
[2010/05/16 10:13:15 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Sampler Instruments
[2010/05/16 10:13:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLeq.DAT
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler Instruments
[2010/05/16 10:03:50 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rule Actions
[2010/05/16 10:03:50 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sampler
[2010/05/16 10:02:12 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Sherman\Application Data\Rock
[2010/05/16 10:02:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/14 13:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 13:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 13:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 13:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/01/18 09:13:44 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/06/19 00:59:57 | 000,088,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/27 20:20:39 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\Ve_pm.dll
[2009/02/27 20:20:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\Voicech.dll
[2009/01/24 08:31:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/27 22:03:29 | 000,000,098 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2008/08/14 18:02:04 | 000,748,167 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/08/14 18:02:02 | 000,000,167 | ---- | C] () -- C:\WINDOWS\teensmrt.ini
[2008/01/05 17:05:42 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/12 17:13:20 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/11/04 14:35:43 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\059D3663D1.sys
[2007/10/06 13:37:41 | 000,000,425 | ---- | C] () -- C:\WINDOWS\dmwd.ini
[2007/09/16 10:48:36 | 000,007,204 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/16 10:48:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\898D76B5CB.sys
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/11/27 21:59:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/10/21 16:24:33 | 000,117,120 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2006/10/21 16:24:25 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/18 20:11:46 | 000,000,315 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/05/05 15:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/20 22:27:05 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/04/16 21:32:22 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2006/04/06 10:11:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/03/31 23:42:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/03/11 10:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/03/09 23:49:33 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/09 23:49:25 | 000,002,956 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/05 22:22:48 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/02/05 20:09:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/12/10 21:03:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/23 20:55:55 | 000,000,604 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/11/23 20:54:05 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/11/23 20:53:56 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2005/11/23 20:53:46 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2005/11/23 20:50:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\OPLEINST.INI
[2005/11/23 20:42:09 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2005/11/23 20:38:11 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005/11/05 10:02:02 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2005/09/05 13:55:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/08/21 13:42:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 11:59:55 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2005/07/30 11:21:23 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2005/07/27 09:25:25 | 000,036,660 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/07/26 00:32:58 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2005/07/25 20:05:05 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/07/25 20:02:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/07/17 06:15:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/17 06:08:36 | 000,001,944 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/17 06:03:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/17 06:01:07 | 001,247,400 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2005/07/17 06:01:06 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2005/07/17 06:01:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000003-00001102-00000004-20061102}.dat
[2005/07/17 06:00:48 | 000,014,424 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2005/07/17 06:00:48 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/07/17 06:00:47 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/07/17 06:00:47 | 000,127,226 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/07/17 06:00:47 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/07/17 06:00:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2005/07/17 06:00:47 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/07/17 06:00:27 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/07/17 05:40:04 | 000,264,466 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/07/17 05:40:04 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/07/17 05:40:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/07/17 05:39:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/07/17 05:39:24 | 000,000,377 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/03 19:59:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\metaflac.exe
[2005/02/03 19:59:44 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\flac.exe
[2004/08/19 13:20:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:12:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/19 13:03:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 13:01:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 12:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 12:57:07 | 003,720,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 12:49:51 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/19 12:49:47 | 000,445,798 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/19 12:49:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/19 12:49:47 | 000,073,004 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/19 12:49:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/19 12:49:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/19 12:49:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/19 12:49:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/19 12:49:38 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/19 12:49:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/19 12:49:30 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/19 12:49:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/18 15:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 15:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/10/06 10:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 15:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 15:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 15:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/12/11 20:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/07/24 13:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/03/20 21:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2008/01/27 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2006/07/04 10:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2011/03/12 14:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2009/08/02 23:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/12/28 13:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2011/04/09 10:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/04/14 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2008/05/24 00:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2008/06/23 20:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetgearLANUpdate
[2010/05/16 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2010/05/16 10:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\People
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Piano Med
[2010/05/16 10:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plug-Ins
[2011/08/25 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/16 10:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sci-Fi
[2010/08/21 11:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/21 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2007/12/22 22:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/05/16 10:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/01/27 20:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/05/17 09:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/06 16:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2009/03/19 23:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/04 07:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/09 23:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/28 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Genie-soft
[2008/04/14 19:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\JCreator
[2008/05/31 14:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Memeo
[2005/08/13 10:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Otto
[2007/07/11 20:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Snapfish
[2007/01/29 19:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ellisa\Application Data\Viewpoint
[2007/03/01 16:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Viewpoint
[2008/12/28 13:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Genie-soft
[2008/05/25 18:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Memeo
[2011/03/13 16:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\TigerPlayer
[2012/01/03 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Unity
[2007/01/28 21:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\Viewpoint
[2010/06/23 20:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mee-Kyung\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2009/01/17 10:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Genie-soft
[2008/05/31 10:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich\Application Data\Memeo
[2012/01/22 14:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\BitComet
[2007/10/04 13:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Canon
[2010/03/20 21:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2011/01/23 16:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\CometPlayer
[2006/12/19 07:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\G-Force
[2009/08/02 23:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GARMIN
[2008/12/28 13:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Genie-soft
[2010/03/13 09:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\GlarySoft
[2011/06/17 22:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\HDRsoft
[2011/03/12 15:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\IObit
[2008/04/14 19:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\JCreator
[2005/07/25 21:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Leadertech
[2008/07/27 12:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\LimeWire
[2008/05/24 00:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Memeo
[2008/02/29 22:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\NCH Swift Sound
[2010/05/16 10:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Nikon
[2005/07/26 00:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Otto
[2010/08/15 11:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Publish Providers
[2005/12/10 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Simple Star
[2008/10/06 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SmartDraw
[2008/04/05 12:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Snapfish
[2010/08/20 06:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Sony
[2006/12/16 09:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\SoundSpectrum
[2011/05/10 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\TeamViewer
[2008/12/22 19:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thinstall
[2010/05/21 08:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Thunderbird
[2011/01/23 16:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\tigerplayer
[2007/01/27 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\Viewpoint
[2010/12/12 11:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sherman\Application Data\WeatherBug
[2012/01/25 18:25:23 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/01/25 18:25:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/12/05 19:22:49 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 08:02:49 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/02 08:02:53 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< C:\Windows\assembly\tmp\U\*.* /s >

< End of report >

I didn't see a second log called Extras.Txt though.

Thanks.

#15
Essexboy

Posted 26 January 2012 - 12:40 PM

GeekU Moderator

Retired Staff
69,964 posts

Sorry there will not be an extras this time

Once this run has completed then check google again

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 69 D4 64 00 5E D7 84 45 86 FE D4 B9 27 A4 2D EA [binary data]
IE - HKU\S-1-5-21-2195040411-3469293690-431585837-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
[2010/10/17 10:31:47 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Sherman\Application Data\Mozilla\Firefox\Profiles\ln0itgw4.default\searchplugins\web-search.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Value error.)

:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.