
removed xp total security, now get blue screen of death



#1 njlock
Member, 353 posts

Latest update: the system is still very unstable. Every time I try to do tweaks, I get a blue screen. Still being blocked from Microsoft sites.

Please check my OTL & Extras logs at the end, thx again.

Update to below: I had time to mess with this old dog, and found I had a jumper setting in the wrong position; it was on master, not cable select. So now I can start it, and it runs decently. So I'm trying to tweak it with TuneUp Utilities 2011, getting a lot of errors; it wants a hard disk repair/scan disk (Disk Doctor?). I start that, and bang, blue screen! But it will restart now, again with the "can't find primary drive, press F1 to continue" message, then a fairly normal startup after that. But I'm getting the red X for the Security Center message: automatic Windows Update is not selected, so I try to select it, and it says it's not able to, etc. I can't select auto updates, so I try to select Windows Update from the All Programs menu; it opens a browser and fails to connect. So I'm thinking maybe I'm not connected, but I open another window and connect to another site no problem. (Even from microsoft.com, it blocks me when I try to get to the update page/site.) OK, so something seems to be blocking me from trying to update? So now I'm running a full Malwarebytes scan. I just looked it over (I'm on my computer) and it seems to have locked up 39 seconds into the scan? I'm gonna leave it alone for a while and see if it can complete, then I'll try to get an OTL scan on here.

I'll just keep editing this so you guys don't think someone's already helping me. Maybe we can salvage this old dog?
Thx

My niece (17, high functioning autistic) came down to visit her sister & me for a week. She apparently downloaded a game and a nasty on my niece's (my other niece, an employee at my business) computer. Thank God I had left instructions for her not to touch my computer. Anyway, it actually was getting the blue screen over & over; nothing would work: safe mode, last known good config, etc. So I disconnected my slave (secondary) hard drive and got it to start; that's when I started to get all the pop-ups.
I used RogueKiller to get rid of XP Total Security, then ran Malwarebytes' Anti-Malware, which showed about 4 more infections. It actually restarted after that, but ran so super slow as to be unusable. I was getting a startup message about "can't locate primary drive, press F1 to continue, F2 for setup." F1 would let me start up, but again, super slow, basically unusable. I tried to adjust setup settings (F2), thinking maybe it doesn't recognize the hard drive as primary; worth a try? Somewhere along this line, it went back to the blue screen, and nothing I do makes a difference. I changed the hard drive's jumpers to cable select; no difference. My original thought, even from the first blue screen, was that the hard drive or even the motherboard(?) was shot. This is a 5 year old Dell Dimension 4600 XP.

I don't know if it's worth even trying to get this old dog running. I only need very basic usage for this PC, so any basic new low-end PC would be an improvement, and I have actually ordered a cheap PC setup as a replacement.
I don't wanna waste a lot of resources here, so I guess I'm just curious if this XP Total bs crap could be the cause of this blue screen (or is it just a coincidence with the system/hard drive dying?), and if there's any easy fix?

Thanks

OTL logfile created on: 8/6/2011 12:35:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.55% Memory free
3.35 Gb Paging File | 2.83 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.49 Gb Total Space | 42.50 Gb Free Space | 59.45% Space Free | Partition Type: NTFS

Computer Name: DAVID-BLACK4600 | User Name: DAVE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
PRC - [2011/07/20 04:40:40 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/07/20 04:38:40 | 001,526,592 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/07/08 07:55:36 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 04:38:40 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/07/20 04:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/08/17 20:00:00 | 000,073,728 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\6to4ex.dll -- (6to4)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 12:27:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl0848ca1d.sys -- (MpKsl0848ca1d)
DRV - [2011/08/06 11:50:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl9091523e.sys -- (MpKsl9091523e)
DRV - [2011/08/06 10:41:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl4e60bcc0.sys -- (MpKsl4e60bcc0)
DRV - [2011/08/06 10:07:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl0a2e52da.sys -- (MpKsl0a2e52da)
DRV - [2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262909885852 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/07 19:02:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 12:34:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
[2011/08/06 10:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/04 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/08/04 10:16:15 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/08/04 10:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/04 10:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVE\Application Data\Malwarebytes
[2011/08/04 10:08:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 10:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 10:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 10:08:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 10:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/04 10:06:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVE\Desktop\RK_Quarantine
[2011/08/04 09:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/04 09:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/29 14:04:14 | 000,398,760 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/29 14:04:11 | 000,398,760 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/29 14:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2011/07/29 14:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/28 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVE\Local Settings\Application Data\PhotoChannel
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/06 12:42:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4CE79A16-1219-4577-AE0A-F74FF62B600B}.job
[2011/08/06 12:40:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
[2011/08/06 12:31:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/06 12:26:48 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/06 12:26:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/06 11:21:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/06 09:44:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 16:08:49 | 000,000,225 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2011/08/04 16:08:30 | 000,000,119 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
[2011/08/04 16:08:30 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2011/08/04 10:08:45 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\vddw.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\uqki.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\txpi.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\odlq.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\htqd.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gqpc.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\galm.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\efkr.exe
[2011/08/02 12:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/29 14:04:14 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2.cid
[2011/07/29 14:04:11 | 000,398,760 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/07/27 18:01:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 13:57:14 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\DAVE\Desktop\OpenOffice EXCEL.lnk
[2011/07/20 04:41:22 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/07/20 04:35:34 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/07/13 18:19:54 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 18:01:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 10:08:45 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 16:16:51 | 000,018,916 | -HS- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,018,916 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\vddw.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\uqki.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\txpi.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\odlq.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\htqd.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gqpc.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\galm.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efkr.exe
[2011/07/27 18:06:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/20 13:57:14 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\DAVE\Desktop\OpenOffice EXCEL.lnk
[2011/04/16 09:46:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 15:26:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2011/04/15 15:26:52 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2011/04/15 15:26:52 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2010/01/07 22:59:15 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/01/07 21:03:53 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/01/07 20:44:22 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 20:37:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/07 20:26:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/01/07 19:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 19:00:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/07 13:54:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/07 13:53:45 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/17 20:00:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\6to4ex.dll
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

========== LOP Check ==========

[2011/03/05 19:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/07 20:14:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/24 17:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kFlJfNg08511
[2011/04/16 08:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/04/21 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WH Software
[2011/04/16 08:31:29 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/05/19 10:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/15 16:45:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/04/15 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVE\Application Data\OpenOffice.org
[2011/04/16 08:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVE\Application Data\TuneUp Software
[2011/08/06 12:31:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/08/06 12:42:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4CE79A16-1219-4577-AE0A-F74FF62B600B}.job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 8/6/2011 12:35:58 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.55% Memory free
3.35 Gb Paging File | 2.83 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.49 Gb Total Space | 42.50 Gb Free Space | 59.45% Space Free | Partition Type: NTFS

Computer Name: DAVID-BLACK4600 | User Name: DAVE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27B1EB20-36B9-11DF-6784-088ACD3A18BE}" = InstaCode
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Messaging Toolbar" = AOL Messaging Toolbar
"LastPass" = LastPass (uninstall only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2011 7:01:02 PM | Computer Name = DAVID-BLACK4600 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/25/2011 7:01:02 PM | Computer Name = DAVID-BLACK4600 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 4/15/2011 2:49:11 PM | Computer Name = DAVID-BLACK4600 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/16/2011 11:12:08 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1002
Description = Hanging application mshta.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 11:15:09 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 3.3.9556.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/21/2011 11:16:41 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 3.3.9556.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2011 8:36:37 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2011 8:36:40 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/29/2011 8:41:08 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2011 8:41:10 AM | Computer Name = DAVID-BLACK4600 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 8/5/2011 3:15:00 AM | Computer Name = DAVID-BLACK4600 | Source = Schedule | ID = 7901
Description = The At4.job command failed to start due to the following error: %%2147942402

Error - 8/5/2011 4:15:00 AM | Computer Name = DAVID-BLACK4600 | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error: %%2147942402

Error - 8/5/2011 5:15:00 AM | Computer Name = DAVID-BLACK4600 | Source = Schedule | ID = 7901
Description = The At6.job command failed to start due to the following error: %%2147942402

Error - 8/5/2011 5:39:55 AM | Computer Name = DAVID-BLACK4600 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 8/6/2011 9:45:45 AM | Computer Name = DAVID-BLACK4600 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 8/6/2011 9:55:27 AM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/6/2011 9:58:22 AM | Computer Name = DAVID-BLACK4600 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 8/6/2011 10:52:00 AM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/6/2011 11:40:01 AM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 5008
Description = %%860 engine has been terminated due to an unexpected error. Failure
Type: %%830 Exception code: 0xc0000005 Resource: file:C:\Program Files\OpenOffice.org
3\Basis\share\template\wizard\letter\pt\off-office_l.ott

Error - 8/6/2011 12:37:02 PM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >

Edited by njlock, 06 August 2011 - 11:06 AM.

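The Extras log above ends with OTL's "Last 10 Event Log Errors" block, where each record is one header line followed by a description that OTL wraps across several lines, sometimes with a blank line in the middle (the "Current / Engine Version" lines in the Microsoft Antimalware records). As an added example, not part of this post or of OTL itself, here is a small Python parser for that block that groups records by source and event ID and pulls out any "Error code:" value, so repeated failures such as the three ID 2001 records carrying 0x80070424 stand out without reading the raw text. The sample input is constructed from lines of the log above; treating a "[ ... ]" section title or the "< End of report >" marker as the end of a record is an assumption about OTL's layout taken from this log.

```python
"""Parse the 'Last 10 Event Log Errors' block of an OTL Extras log.
Added example, not part of the forum post or of OTL; SAMPLE below is
built from lines of the log in the thread."""
import re
from collections import Counter

# One header line per event, e.g.
#   Error - 8/6/2011 9:55:27 AM | Computer Name = X | Source = Disk | ID = 262155
HEADER_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+ \S+) \| Computer Name = (?P<host>\S+) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
ERRCODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]+)")


def parse_otl_events(text):
    """Return a list of dicts (when, host, source, id, description).
    A description runs from its header to the next header; blank lines do
    not end it, because OTL wraps long descriptions across them.
    Assumption: a '[ ... ]' section title or the '< End of report >'
    marker ends the current record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"when": m["when"], "host": m["host"],
                       "source": m["source"].strip(), "id": int(m["id"]),
                       "description": ""}
            records.append(current)
        elif line.startswith("[") or line.startswith("<"):
            current = None
        elif current is not None and line:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["description"] = (current["description"] + " " + line).strip()
    return records


def error_code(record):
    """The hex 'Error code:' value in a description, or None if it has none."""
    m = ERRCODE_RE.search(record["description"])
    return m.group(1) if m else None


def summarize(records):
    """Counter of (source, id) pairs so repeated failure modes stand out."""
    return Counter((r["source"], r["id"]) for r in records)


# Constructed sample, assembled from lines of the Extras log above.
SAMPLE = r"""
[ Application Events ]
Error - 3/25/2011 7:01:02 PM | Computer Name = DAVID-BLACK4600 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 8/6/2011 9:45:45 AM | Computer Name = DAVID-BLACK4600 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 8/6/2011 9:55:27 AM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.109.967.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/6/2011 10:52:00 AM | Computer Name = DAVID-BLACK4600 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

< End of report >
"""

if __name__ == "__main__":
    recs = parse_otl_events(SAMPLE)
    for (source, event_id), n in summarize(recs).most_common():
        codes = {error_code(r) for r in recs if r["source"] == source and r["id"] == event_id}
        print(f"{n:2d} x {source} / {event_id}  error codes: {sorted(c for c in codes if c)}")
```

Paste the whole "Last 10 Event Log Errors" section of an Extras.txt into `SAMPLE` (or read the file) and the summary shows at a glance which sources keep failing and with what code.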


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :unsure:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Can you please post the contents of the Extras.txt log for me to review?


Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Value error. File not found
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2011/02/16 11:00:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
    O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
    O33 - MountPoints2\{54d91b7f-515d-11e0-94ee-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{54d91b7f-515d-11e0-94ee-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{54d91b81-515d-11e0-94ee-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{54d91b81-515d-11e0-94ee-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{54d91b82-515d-11e0-94ee-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{54d91b82-515d-11e0-94ee-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{54d91b83-515d-11e0-94ee-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{54d91b83-515d-11e0-94ee-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{54d91b84-515d-11e0-94ee-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{54d91b84-515d-11e0-94ee-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{5e1b2097-7b48-11e0-981b-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5e1b2097-7b48-11e0-981b-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{66befa32-2547-11e0-975e-485b39953b7f}\Shell - "" = AutoRun
    O33 - MountPoints2\{66befa32-2547-11e0-975e-485b39953b7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
    [4 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]
    [4 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
    [1 C:\Documents and Settings\Cesar.COLOSSUS\*.tmp files -> C:\Documents and Settings\Cesar.COLOSSUS\*.tmp -> ]
    
    :Reg
    
    :Files
    dir /s /a "C:\Documents and Settings\Cesar.COLOSSUS\Datos de programa\QuickScan" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
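The OTL fix in the reply above grants Everyone full control of the hosts file with cacls, flushes the DNS cache and then runs [resethosts], and the fix list itself carries several `O1 - Hosts:` entries: the hosts file is one of the simplest places for malware to keep a machine from reaching update and security-vendor sites. As an added example, not part of the reply or of OTL, here is a Python audit that reads a hosts file and reports every mapping a stock XP hosts file would not contain, saying for watched domains whether they were blackholed to loopback or redirected to another address. The watch list of domain suffixes and the sample hosts content are constructed for the example; the only line taken from the page is the dp.msnmessenger.akadns.net entry from the fix list.

```python
"""Audit a Windows hosts file for entries that block or redirect update and
security-vendor domains.  Added example, not code from the forum thread;
WATCHED_SUFFIXES and SAMPLE_HOSTS below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Hand-picked domain suffixes that update/AV tampering typically targets.
# Assumption for the example: extend this for the products actually in use.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "microsoft.com",
    "malwarebytes.org",
)

LOOPBACK_V4 = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_V6 = ipaddress.ip_address("::1")


@dataclass(frozen=True)
class Finding:
    line_no: int
    ip: str
    host: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each mapping line with comments
    stripped; lines the resolver ignores (blank, or no hostname) are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        yield line_no, parts[0], parts[1:]


def is_watched(host):
    """True if host is a watched domain or any subdomain of one."""
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return a list of Findings.  The only mapping a stock XP hosts file
    carries is 'localhost' to loopback; everything else is reported, and a
    watched domain's reason says whether it was blackholed (loopback) or
    redirected (any other address)."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(line_no, ip, hosts[0], "unparseable address"))
            continue
        loopback = addr in LOOPBACK_V4 or addr == LOOPBACK_V6
        for host in hosts:
            if is_watched(host):
                reason = ("update/security domain blackholed to loopback" if loopback
                          else f"update/security domain redirected to {ip}")
                findings.append(Finding(line_no, ip, host, reason))
            elif host.lower() == "localhost" and loopback:
                continue  # the stock entry
            else:
                findings.append(Finding(line_no, ip, host, "non-default mapping"))
    return findings


# Constructed sample; only the akadns.net line comes from the fix list above.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       update.microsoft.com     # blackholed
127.0.0.1       www.malwarebytes.org
65.54.239.80    dp.msnmessenger.akadns.net
10.0.0.5        download.windowsupdate.com
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.ip:<15} {f.host:<32} {f.reason}")
```

Run it against the contents of C:\WINDOWS\system32\drivers\etc\hosts read as text; a stock XP hosts file produces no findings, and any finding is worth comparing against what the machine is unable to reach before and after [resethosts].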

#3
njlock

    Member

  • Topic Starter
  • Member
  • 353 posts
Hi ST, thanks for your help.

Oh, where do I begin? I've been bad and impatient. While waiting for a response, I tried to do a Windows system disk repair, where Windows is reinstalled but not wiped clean. It seemed to make the system more stable, but also seemed to give whatever virus I'm infected with a tighter grip.
My anti-virus and Malwarebytes can't load now at all.
The original Extras log is posted in the 1st post above (last file).
Did the UnHide.
Did the OTL fix.
The ComboFix did not run successfully; there was a file "trying to attach itself, ...." and I wasn't paying attention (sorry) to your instructions and tried to run it again, and got a "windows can't start....... error" on restart. I tried to do some research on how to fix that but it seemed confusing and complicated (a long multi-step Microsoft fix for non-OEM XP installs, and I believe mine is an OEM).
Wound up doing the Windows system disk repair/reinstall thing again, and I'm up again with my sick machine. I decided to tuck tail, stop and wait to post here for further instructions.
Thanks





All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Folder C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b7f-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b7f-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b7f-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b7f-515d-11e0-94ee-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b81-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b81-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b81-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b81-515d-11e0-94ee-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b82-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b82-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b82-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b82-515d-11e0-94ee-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b83-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b83-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b83-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b83-515d-11e0-94ee-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b84-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b84-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54d91b84-515d-11e0-94ee-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d91b84-515d-11e0-94ee-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e1b2097-7b48-11e0-981b-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e1b2097-7b48-11e0-981b-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e1b2097-7b48-11e0-981b-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e1b2097-7b48-11e0-981b-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66befa32-2547-11e0-975e-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66befa32-2547-11e0-975e-485b39953b7f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66befa32-2547-11e0-975e-485b39953b7f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66befa32-2547-11e0-975e-485b39953b7f}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
File/Folder C:\WINDOWS.0\System32\*.tmp not found.
File/Folder C:\WINDOWS.0\*.tmp not found.
File/Folder C:\Documents and Settings\Cesar.COLOSSUS\*.tmp not found.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Documents and Settings\Cesar.COLOSSUS\Datos de programa\QuickScan" /c >
C:\Documents and Settings\DAVE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAVE\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\DAVE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAVE\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\DAVE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAVE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (4294967296)

[EMPTYTEMP]

User: All Users

User: DAVE
->Temp folder emptied: 28793863 bytes
->Temporary Internet Files folder emptied: 305961228 bytes
->Java cache emptied: 1666307 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 51602 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 34346 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 442808 bytes
->Temporary Internet Files folder emptied: 87987668 bytes
->Flash cache emptied: 20797 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3304489 bytes
%systemroot%\System32 .tmp files removed: 78818204 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37694341 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 61527288 bytes
RecycleBin emptied: 83412894 bytes

Total Files Cleaned = 658.00 mb


[EMPTYFLASH]

User: All Users

User: DAVE
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08092011_125108

Files\Folders moved on Reboot...
C:\Documents and Settings\DAVE\Local Settings\Temporary Internet Files\Content.IE5\3UBDBIOK\page__p__2045097__fromsearch__1[1] moved successfully.
C:\WINDOWS\temp\fla28E.tmp moved successfully.
C:\WINDOWS\temp\fla293.tmp moved successfully.
C:\WINDOWS\temp\fla298.tmp moved successfully.
C:\WINDOWS\temp\fla6D.tmp moved successfully.
C:\WINDOWS\temp\fla9A.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MCCOG8W1\1716108058[1] moved successfully.

Registry entries deleted on Reboot...

Edited by njlock, 10 August 2011 - 08:24 AM.


#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for that information, and I'm sorry to hear you experienced issues with some of the instructions in my previous post.

Let's take a step back and run some new scans, so I can see what the current state of the PC is.

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


#5
njlock

    Member

  • Topic Starter
  • Member
  • 353 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-11 12:00:26
Windows 5.1.2600 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST380011A rev.8.16
Running: gmer.exe; Driver: C:\DOCUME~1\DAVE\LOCALS~1\Temp\fgwyifoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 77F75F36 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 77F76768 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 77FB4DAF 5 Bytes JMP 00AA000C
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstance 771C2177 5 Bytes JMP 020A000B
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!GetCursorPos 77D441C0 5 Bytes JMP 020B000B
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!WindowFromPoint 77D4466B 5 Bytes JMP 0225000A
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!GetForegroundWindow 77D4686F 5 Bytes JMP 0227000A
.text C:\WINDOWS\Explorer.EXE[1476] ntdll.dll!NtProtectVirtualMemory 77F75F36 5 Bytes JMP 013F000A
.text C:\WINDOWS\Explorer.EXE[1476] ntdll.dll!NtWriteVirtualMemory 77F76768 5 Bytes JMP 0140000A
.text C:\WINDOWS\Explorer.EXE[1476] ntdll.dll!KiUserExceptionDispatcher 77FB4DAF 5 Bytes JMP 013E000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtProtectVirtualMemory 77F75F36 5 Bytes JMP 0143000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtWriteVirtualMemory 77F76768 5 Bytes JMP 0168000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2516] ntdll.dll!KiUserExceptionDispatcher 77FB4DAF 5 Bytes JMP 0142000C

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 89BB631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89BB631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89BB631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89BB631B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 89BB631B

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [MANUAL] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 8/11/2011 12:26:37 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVE\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.55% Memory free
3.85 Gb Paging File | 3.61 Gb Available in Paging File | 93.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.49 Gb Total Space | 45.95 Gb Free Space | 64.27% Space Free | Partition Type: NTFS
Drive G: | 976.11 Mb Total Space | 621.56 Mb Free Space | 63.68% Space Free | Partition Type: FAT

Computer Name: DAVID-BLACK4600 | User Name: DAVE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
PRC - [2011/07/08 07:55:36 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2003/07/16 16:28:11 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/07/16 16:36:01 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSIMTF.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/07/20 04:38:40 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/07/20 04:35:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2003/07/16 16:36:35 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - [2011/08/10 09:45:17 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl7c58938c.sys -- (MpKsl7c58938c)
DRV - [2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2004/03/05 23:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 23:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1292428093-448539723-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



Hosts file not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262909885852 (WUWebControl Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/07 19:02:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1292428093-448539723-839522115-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1292428093-448539723-839522115-1004\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 12:05:18 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\Copy of xOTL.exe
[2011/08/09 17:48:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/09 16:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/08/09 16:28:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/08/09 16:28:45 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/08/09 16:28:45 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/08/09 16:28:45 | 000,274,490 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/08/09 16:28:45 | 000,262,201 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/08/09 16:28:45 | 000,233,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/08/09 16:28:45 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/08/09 16:28:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/08/09 16:28:45 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/08/09 16:28:44 | 000,716,857 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/08/09 16:28:44 | 000,360,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/08/09 16:28:44 | 000,307,258 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/08/09 16:28:44 | 000,208,953 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/08/09 16:28:44 | 000,155,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/08/09 16:28:44 | 000,081,977 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/08/09 16:28:44 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/08/09 16:28:43 | 000,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/08/09 16:28:43 | 000,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/08/09 16:28:43 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/08/09 16:28:43 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/08/09 16:28:43 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/08/09 16:28:43 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/08/09 16:28:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/08/09 16:28:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/08/09 16:28:39 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/08/09 16:28:32 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/08/09 16:28:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/08/09 16:28:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/08/09 16:28:30 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/08/09 16:28:30 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/08/09 16:28:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/08/09 16:28:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/08/09 16:28:29 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/08/09 16:28:29 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/08/09 16:28:29 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/08/09 16:28:29 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/08/09 16:28:29 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/08/09 16:28:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/08/09 16:28:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/08/09 16:28:29 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/08/09 16:28:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/08/09 16:28:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/08/09 16:28:29 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/08/09 16:28:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/08/09 16:28:28 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/08/09 16:28:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/08/09 16:28:28 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/08/09 16:28:28 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/08/09 16:28:28 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/08/09 16:28:28 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/08/09 16:28:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/08/09 16:28:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/08/09 16:28:27 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/08/09 16:28:27 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/08/09 16:28:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/08/09 16:28:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/08/09 16:28:26 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/08/09 16:28:26 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/08/09 16:28:26 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/08/09 16:28:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/08/09 16:28:26 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/08/09 16:28:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/08/09 16:28:25 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/08/09 16:28:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/08/09 16:28:16 | 000,057,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/08/09 16:28:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/08/09 16:28:14 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/08/09 16:28:14 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/08/09 16:28:14 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/08/09 16:28:13 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/08/09 16:28:13 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/08/09 16:28:13 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/08/09 16:28:13 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/08/09 16:28:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/08/09 16:28:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/08/09 16:28:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/08/09 16:28:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/08/09 16:28:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/08/09 16:28:11 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/08/09 16:28:10 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/08/09 16:28:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/08/09 16:28:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/08/09 16:28:08 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2011/08/09 16:28:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/08/09 16:28:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/08/09 16:28:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/08/09 16:28:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/08/09 16:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/08/09 16:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/08/09 16:28:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/08/09 16:28:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/08/09 16:28:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/08/09 16:28:02 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2011/08/09 16:28:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2011/08/09 16:28:02 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/08/09 16:28:01 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/08/09 16:28:01 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/08/09 16:27:56 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/08/09 16:27:56 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/08/09 16:27:56 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/08/09 16:27:55 | 000,872,557 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/08/09 16:27:55 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/08/09 16:27:55 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/08/09 16:27:55 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/08/09 16:27:55 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/08/09 16:27:55 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/08/09 16:27:55 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/08/09 16:27:54 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/08/09 16:27:54 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/08/09 16:27:54 | 000,127,034 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/08/09 16:27:54 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/08/09 16:27:54 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/08/09 16:27:54 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/08/09 16:27:53 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/08/09 16:27:53 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/08/09 16:27:53 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/08/09 16:27:53 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/08/09 16:27:52 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/08/09 16:18:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/08/09 16:18:29 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2011/08/09 16:18:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/08/09 16:18:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2011/08/09 16:18:28 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2011/08/09 16:18:28 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/08/09 16:18:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2011/08/09 16:17:18 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/08/09 16:17:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/08/09 16:12:36 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/08/09 16:12:36 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/08/09 16:12:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/08/09 16:12:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/08/09 14:05:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/09 14:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/09 14:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/09 14:00:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/09 14:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/09 13:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/09 13:12:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/09 13:11:03 | 004,168,373 | R--- | C] (Swearware) -- C:\Documents and Settings\DAVE\Desktop\ComboFix.exe
[2011/08/09 12:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/09 11:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/08/09 11:41:24 | 000,106,562 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2011/08/09 11:41:23 | 003,346,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2011/08/09 11:41:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2011/08/09 11:41:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2011/08/09 11:41:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2011/08/09 11:41:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2011/08/09 11:41:17 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2011/08/09 11:41:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/08/09 11:41:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2011/08/09 11:41:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/08/09 11:41:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2011/08/09 11:41:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/08/09 11:41:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2011/08/09 11:41:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/08/09 11:41:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2011/08/09 11:41:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/08/09 11:41:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2011/08/09 11:41:13 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2011/08/09 11:41:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/08/09 11:41:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2011/08/09 11:41:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2011/08/09 11:41:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2011/08/09 11:41:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2011/08/09 11:41:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/08/09 11:41:11 | 002,479,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2011/08/09 11:41:11 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2011/08/09 11:41:11 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/08/09 11:41:11 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2011/08/09 11:41:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/08/09 11:41:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2011/08/09 11:41:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/08/09 11:41:10 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2011/08/09 11:41:09 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/08/09 11:41:09 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2011/08/09 11:41:09 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/08/09 11:41:09 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/08/09 11:41:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/08/09 11:41:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2011/08/09 11:41:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/08/09 11:41:07 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/08/09 11:41:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/08/09 11:41:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/08/09 11:41:06 | 000,557,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2011/08/09 11:41:06 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2011/08/09 11:41:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2011/08/09 11:41:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2011/08/09 11:41:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2011/08/09 11:41:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2011/08/09 11:41:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2011/08/09 11:41:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2011/08/09 11:41:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2011/08/09 11:41:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2011/08/09 11:41:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2011/08/09 11:41:01 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/08/09 11:41:01 | 000,798,782 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2011/08/09 11:41:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/08/09 11:40:59 | 000,806,969 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/08/09 11:40:59 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2011/08/09 11:40:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/08/09 11:40:59 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2011/08/09 11:40:58 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2011/08/09 11:40:58 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2011/08/09 11:40:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2011/08/09 11:40:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2011/08/09 11:40:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2011/08/09 11:40:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/08/09 11:40:55 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011/08/09 11:40:54 | 000,742,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2011/08/09 11:40:54 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2011/08/09 11:40:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/08/09 11:40:53 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2011/08/09 11:40:53 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2011/08/09 11:40:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/08/09 11:40:53 | 000,069,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2011/08/09 11:40:53 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2011/08/09 11:40:52 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/08/09 11:40:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/08/09 11:40:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2011/08/09 11:40:52 | 000,008,223 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/08/09 11:40:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/08/09 11:40:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2011/08/09 11:40:51 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/08/09 11:40:51 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2011/08/09 11:40:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/08/09 11:40:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2011/08/09 11:40:50 | 000,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2011/08/09 11:40:50 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2011/08/09 11:40:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2011/08/09 11:40:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2011/08/09 11:40:49 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2011/08/09 11:40:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2011/08/09 11:40:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2011/08/09 11:40:48 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2011/08/09 11:40:48 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2011/08/09 11:40:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2011/08/09 11:40:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2011/08/09 11:40:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2011/08/09 11:40:47 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2011/08/09 11:40:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2011/08/09 11:40:47 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2011/08/09 11:40:47 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/08/09 11:40:47 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2011/08/09 11:40:46 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2011/08/09 11:40:46 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2011/08/09 11:40:46 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/08/09 11:40:46 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2011/08/09 11:40:45 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/08/09 11:40:45 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2011/08/09 11:40:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2011/08/09 11:40:45 | 000,057,344 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2011/08/09 11:40:44 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2011/08/09 11:40:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/08/09 11:40:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2011/08/09 11:40:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2011/08/09 11:40:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2011/08/09 11:40:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2011/08/09 11:40:42 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2011/08/09 11:40:42 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2011/08/09 11:40:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2011/08/09 11:40:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2011/08/09 11:40:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2011/08/09 11:40:41 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2011/08/09 11:40:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2011/08/09 11:40:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2011/08/09 11:40:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2011/08/09 11:40:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2011/08/09 11:40:41 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2011/08/09 11:40:40 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/08/09 11:40:40 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/08/09 11:40:40 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/08/09 11:40:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/08/09 11:40:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2011/08/09 11:40:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2011/08/09 11:40:39 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/08/09 11:40:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2011/08/09 11:40:39 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/08/09 11:40:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/08/09 11:40:39 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/08/09 11:40:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2011/08/09 11:40:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/08/09 11:40:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2011/08/09 11:40:38 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2011/08/09 11:40:38 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/08/09 11:40:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2011/08/09 11:40:38 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2011/08/09 11:40:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2011/08/09 11:40:36 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/08/09 11:39:30 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/08/09 11:39:29 | 000,489,984 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/08/09 11:39:29 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2011/08/09 11:39:29 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/08/09 11:39:29 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/08/09 11:39:29 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2011/08/09 11:39:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2011/08/09 11:39:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/08/09 11:39:28 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2011/08/09 11:39:28 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/08/09 11:39:28 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2011/08/09 11:39:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/08/09 11:39:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2011/08/09 11:39:28 | 000,020,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2011/08/09 11:39:28 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/08/09 11:39:28 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2011/08/09 11:39:28 | 000,011,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2011/08/09 11:39:27 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/08/09 11:39:27 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2011/08/09 11:39:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2011/08/09 11:39:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2011/08/09 11:39:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/08/09 11:39:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2011/08/09 11:39:26 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/08/09 11:39:26 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2011/08/09 11:39:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2011/08/09 11:39:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2011/08/09 11:39:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2011/08/09 11:39:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/08/09 11:39:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2011/08/09 11:39:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2011/08/09 11:39:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2011/08/09 11:39:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2011/08/09 11:39:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/08/09 11:39:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2011/08/09 11:39:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/08/09 11:39:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2011/08/09 11:39:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/08/09 11:39:25 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/08/09 11:39:25 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2011/08/09 11:39:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/08/09 11:39:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2011/08/09 11:39:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2011/08/09 11:39:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/08/09 11:39:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/08/09 11:39:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2011/08/09 11:39:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/08/09 11:39:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2011/08/09 11:39:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/08/09 11:39:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2011/08/09 11:39:24 | 000,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2011/08/09 11:39:24 | 000,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/08/09 11:39:24 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2011/08/09 11:39:24 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2011/08/09 11:39:24 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/08/09 11:39:23 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2011/08/09 11:39:23 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2011/08/09 11:39:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2011/08/09 11:39:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2011/08/09 11:39:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2011/08/09 11:39:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2011/08/09 11:39:22 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2011/08/09 11:39:22 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2011/08/09 11:39:22 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2011/08/09 11:39:22 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2011/08/09 11:39:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2011/08/09 11:39:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2011/08/09 11:39:21 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2011/08/09 11:39:21 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2011/08/09 11:39:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2011/08/09 11:39:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2011/08/09 11:39:20 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2011/08/09 11:39:20 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2011/08/09 11:39:20 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/08/09 11:39:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/08/09 11:39:20 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2011/08/09 11:39:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2011/08/09 11:39:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/08/09 11:39:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2011/08/09 11:39:19 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/08/09 11:39:19 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2011/08/09 11:39:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/08/09 11:39:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/08/09 11:39:18 | 000,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/08/09 11:39:18 | 000,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2011/08/09 11:39:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2011/08/09 11:39:18 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/08/09 11:39:17 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/08/09 11:39:17 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2011/08/09 11:39:17 | 000,115,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/09 11:39:17 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/08/09 11:39:17 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2011/08/09 11:39:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2011/08/09 11:39:16 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2011/08/09 11:39:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/08/09 11:39:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2011/08/09 11:39:16 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2011/08/09 11:39:16 | 000,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/08/09 11:39:16 | 000,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2011/08/09 11:39:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2011/08/09 11:39:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/08/09 11:39:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2011/08/09 11:39:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/08/09 11:39:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2011/08/09 11:39:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/08/09 11:39:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2011/08/09 11:39:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/08/09 11:39:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2011/08/09 11:39:15 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2011/08/09 11:39:15 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2011/08/09 11:39:15 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/08/09 11:39:15 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2011/08/09 11:39:15 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2011/08/09 11:39:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2011/08/09 11:39:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/08/09 11:39:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2011/08/09 11:39:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2011/08/09 11:39:14 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2011/08/09 11:39:14 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2011/08/09 11:39:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2011/08/09 11:39:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2011/08/09 11:39:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2011/08/09 11:39:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2011/08/09 11:39:13 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2011/08/09 11:39:13 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2011/08/09 11:39:13 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2011/08/09 11:39:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2011/08/09 11:39:12 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2011/08/09 11:39:12 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2011/08/09 11:39:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2011/08/09 11:39:12 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2011/08/09 11:39:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2011/08/09 11:39:11 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2011/08/09 11:39:11 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2011/08/09 11:39:11 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2011/08/09 11:39:11 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2011/08/09 11:39:10 | 001,267,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2011/08/09 11:39:10 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2011/08/09 11:39:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/08/09 11:39:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2011/08/09 11:21:20 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/08/09 11:21:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/08/09 11:19:36 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2011/08/09 11:19:35 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2011/08/09 11:19:34 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2011/08/09 11:19:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2011/08/09 11:19:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2011/08/09 11:19:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2011/08/09 11:19:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2011/08/09 11:19:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2011/08/09 11:19:30 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2011/08/09 11:19:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/08/09 11:19:26 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/08/06 12:34:42 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
[2011/08/06 10:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/08/04 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/08/04 10:16:15 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/08/04 10:13:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/04 10:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVE\Application Data\Malwarebytes
[2011/08/04 10:08:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 10:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 10:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 10:08:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 10:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/04 09:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/04 09:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/29 14:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/07/28 13:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVE\Local Settings\Application Data\PhotoChannel
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 12:27:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4CE79A16-1219-4577-AE0A-F74FF62B600B}.job
[2011/08/11 12:23:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/08/11 12:21:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/11 12:16:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 11:22:41 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/10 09:44:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/10 09:33:46 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\DAVE\Desktop\Windows Explorer.lnk
[2011/08/09 16:36:14 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 16:36:14 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 16:31:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/09 16:30:20 | 000,000,263 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/08/09 16:19:51 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/08/09 16:19:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/09 16:19:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/09 16:19:49 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/08/09 16:19:38 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/08/09 16:18:06 | 000,022,744 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/08/09 16:16:22 | 000,000,375 | -HS- | M] () -- C:\boot.ini
[2011/08/09 14:52:25 | 000,116,227 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/08/09 14:50:33 | 000,001,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 13:11:03 | 004,168,373 | R--- | M] (Swearware) -- C:\Documents and Settings\DAVE\Desktop\ComboFix.exe
[2011/08/09 12:07:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/09 11:59:23 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/09 11:37:55 | 000,000,304 | -HS- | M] () -- C:\Boot.bak
[2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\OTL.exe
[2011/08/06 12:34:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVE\Desktop\Copy of xOTL.exe
[2011/08/04 16:08:49 | 000,000,225 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2011/08/04 16:08:30 | 000,000,119 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
[2011/08/04 16:08:30 | 000,000,039 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2011/08/04 10:08:45 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\htqd.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gqpc.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\galm.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\efkr.exe
[2011/07/27 18:01:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 13:57:14 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\DAVE\Desktop\OpenOffice EXCEL.lnk
[2011/07/20 04:41:22 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/07/20 04:35:34 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/09 16:29:13 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/08/09 16:28:54 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/08/09 16:28:45 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/08/09 16:28:44 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/08/09 16:28:42 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/08/09 16:28:35 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/08/09 16:28:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/08/09 16:28:27 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/08/09 16:28:13 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/08/09 14:50:02 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/08/09 14:50:02 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/08/09 14:50:02 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/08/09 14:50:02 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/08/09 14:50:02 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/08/09 14:50:02 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/08/09 14:50:02 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/08/09 14:50:02 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/08/09 14:50:02 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/08/09 14:50:02 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/08/09 14:50:01 | 002,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/08/09 14:50:01 | 000,344,390 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/08/09 14:05:12 | 000,000,304 | -HS- | C] () -- C:\Boot.bak
[2011/08/09 14:05:10 | 000,245,920 | RHS- | C] () -- C:\cmldr
[2011/08/09 14:00:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/09 14:00:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/09 14:00:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/09 14:00:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/09 14:00:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/09 11:41:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/08/09 11:40:52 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/08/09 11:16:57 | 000,116,227 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2011/08/04 10:08:45 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 16:16:51 | 000,018,916 | -HS- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,018,916 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\htqd.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gqpc.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\galm.exe
[2011/08/03 16:16:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efkr.exe
[2011/07/27 18:06:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/20 13:57:14 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\DAVE\Desktop\OpenOffice EXCEL.lnk
[2011/04/16 09:46:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 15:26:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2011/04/15 15:26:52 | 000,000,119 | ---- | C] () -- C:\WINDOWS\SwDrvs.ini
[2011/04/15 15:26:52 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2010/01/07 20:44:22 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 20:37:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/01/07 20:26:22 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2010/01/07 19:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/07 19:00:09 | 000,022,744 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/07 13:54:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/07 13:53:45 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:44:10 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/07/16 16:41:25 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

< End of report >


OTL Extras logfile created on: 8/11/2011 12:26:37 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\DAVE\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 83.55% Memory free
3.85 Gb Paging File | 3.61 Gb Available in Paging File | 93.81% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.49 Gb Total Space | 45.95 Gb Free Space | 64.27% Space Free | Partition Type: NTFS
Drive G: | 976.11 Mb Total Space | 621.56 Mb Free Space | 63.68% Space Free | Partition Type: FAT

Computer Name: DAVID-BLACK4600 | User Name: DAVE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27B1EB20-36B9-11DF-6784-088ACD3A18BE}" = InstaCode
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ie8" = Windows Internet Explorer 8
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-448539723-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Messaging Toolbar" = AOL Messaging Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 11:15:43 AM | Computer Name = DAVID-BLACK4600 | Source = PerfNet | ID = 2005
Description = Unable to read performance data from the Server service. No Server
performance data will be returned in this sample. Error code returned is in data
DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Error - 8/11/2011 11:15:43 AM | Computer Name = DAVID-BLACK4600 | Source = PerfNet | ID = 2006
Description = Unable to read Server Queue performance data from the Server service.
No
Server Queue performance data will be returned in this sample. Error code returned
is in data DWORD 0, IOSB.Status is DWORD 1 and the IOSB.Information is DWORD 2.

Error - 8/11/2011 11:15:57 AM | Computer Name = DAVID-BLACK4600 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/11/2011 11:23:14 AM | Computer Name = DAVID-BLACK4600 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/11/2011 11:23:25 AM | Computer Name = DAVID-BLACK4600 | Source = Perflib | ID = 2002
Description = The open procedure for service "WmiApRpl" in DLL "C:\WINDOWS\System32\wbem\wmiaprpl.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/11/2011 11:27:03 AM | Computer Name = DAVID-BLACK4600 | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesService32.exe, version 10.0.4310.27,
faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/11/2011 11:34:14 AM | Computer Name = DAVID-BLACK4600 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 8/11/2011 11:37:17 AM | Computer Name = DAVID-BLACK4600 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 8/11/2011 12:18:39 PM | Computer Name = DAVID-BLACK4600 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "Spooler"
in
the "C:\WINDOWS\system32\winspool.drv" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

Error - 8/11/2011 12:23:35 PM | Computer Name = DAVID-BLACK4600 | Source = Application Error | ID = 1000
Description = Faulting application TuneUpUtilitiesService32.exe, version 10.0.4310.27,
faulting module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 8/11/2011 12:25:01 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/11/2011 12:25:31 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 8/11/2011 12:26:01 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/11/2011 12:26:31 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WZCSVC service.

Error - 8/11/2011 12:27:01 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/11/2011 12:27:31 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.

Error - 8/11/2011 12:28:01 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/11/2011 12:28:31 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 8/11/2011 12:29:01 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Schedule service.

Error - 8/11/2011 12:29:31 PM | Computer Name = DAVID-BLACK4600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the AudioSrv service.


< End of report >
  • 0
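As an added example (not code from the thread, from OTL or from its author), a small Python script that parses the Security Center and firewall sections of the OTL Extras log above and lists the settings a helper would question before cleaning: AntiVirusOverride set, a profile with the firewall off, hidden notifications, ports open to any address rather than LocalSubNet, and a firewall exception for a program off the system drive. The sample log is a trimmed copy of the sections posted above, so the findings it prints are this machine's.

```python
import re

# Trimmed copy of the Security Center / Firewall / Authorized Applications
# sections of the OTL Extras log posted above (the values are the page's own).
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # ========== Name ==========
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name" = value


def parse_otl_extras(text):
    """Return {section: {registry key: {value name: value string}}}."""
    sections = {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            sections.setdefault(section, {})
            key = None
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            key = m.group(1)
            sections[section].setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            sections[section][key][m.group(1)] = m.group(2)
    return sections


FW = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"


def audit(sections):
    """List the settings a malware-removal helper would question in this log."""
    out = []
    sc = sections.get("Security Center Settings", {}).get(SC, {})
    if sc.get("AntiVirusOverride") == "1":
        out.append("SecurityCenter: AntiVirusOverride=1 (antivirus state no longer monitored)")
    for flag in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if sc.get(flag) == "1":
            out.append(f"SecurityCenter: {flag}=1 (warning suppressed)")
    fw = sections.get("Firewall Settings", {})
    apps = sections.get("Authorized Applications List", {})
    # DomainProfile only applies to domain-joined machines; on a workgroup PC such as
    # this one StandardProfile is the live profile, so treat DomainProfile hits as informational.
    for profile in ("DomainProfile", "StandardProfile"):
        cfg = fw.get(f"{FW}\\{profile}", {})
        if cfg.get("EnableFirewall") == "0":
            out.append(f"{profile}: EnableFirewall=0 (firewall off)")
        if cfg.get("DisableNotifications") == "1":
            out.append(f"{profile}: DisableNotifications=1 (blocked-program prompts hidden)")
        # Port entries are port:proto:scope:Enabled|Disabled:description; scope '*' means any address.
        for name, value in fw.get(f"{FW}\\{profile}\\GloballyOpenPorts\\List", {}).items():
            fields = value.split(":")
            if len(fields) >= 4 and fields[2] == "*" and fields[3] == "Enabled":
                out.append(f"{profile}: port {name} open to any remote address")
        # Heuristic: an exception for a program on a removable or optical drive deserves a question.
        for path in apps.get(f"{FW}\\{profile}\\AuthorizedApplications\\List", {}):
            if not path.upper().startswith("C:\\"):
                out.append(f"{profile}: firewall exception for {path} (not on the system drive)")
    return out


if __name__ == "__main__":
    for finding in audit(parse_otl_extras(SAMPLE_LOG)):
        print(finding)
```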

#6 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hi!

Thanks for posting the GMER Log.

It's showing me the exact infection I was thinking you had, which is a TDL4 infection.

We'll run a utility now to deal with that infection.

You should be aware of the following;

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



The main infection that you were infected with is called TDL4.

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
    [2011/08/04 09:44:39 | 000,018,916 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1
    [2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\htqd.exe
    [2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gqpc.exe
    [2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\galm.exe
    [2011/08/03 16:16:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\efkr.exe
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

  • 0

#7 njlock (Member, Topic Starter, 353 posts)
Thanks again for your help. Yes, I'd like to try to salvage this to use as a basic home computer.

2011/08/11 13:38:51.0765 3400 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/11 13:38:52.0000 3400 ================================================================================
2011/08/11 13:38:52.0000 3400 SystemInfo:
2011/08/11 13:38:52.0000 3400
2011/08/11 13:38:52.0015 3400 OS Version: 5.1.2600 ServicePack: 1.0
2011/08/11 13:38:52.0015 3400 Product type: Workstation
2011/08/11 13:38:52.0015 3400 ComputerName: DAVID-BLACK4600
2011/08/11 13:38:52.0015 3400 UserName: DAVE
2011/08/11 13:38:52.0015 3400 Windows directory: C:\WINDOWS
2011/08/11 13:38:52.0015 3400 System windows directory: C:\WINDOWS
2011/08/11 13:38:52.0015 3400 Processor architecture: Intel x86
2011/08/11 13:38:52.0015 3400 Number of processors: 2
2011/08/11 13:38:52.0015 3400 Page size: 0x1000
2011/08/11 13:38:52.0015 3400 Boot type: Normal boot
2011/08/11 13:38:52.0015 3400 ================================================================================
2011/08/11 13:38:53.0109 3400 Initialize success
2011/08/11 13:39:06.0203 3456 ================================================================================
2011/08/11 13:39:06.0203 3456 Scan started
2011/08/11 13:39:06.0203 3456 Mode: Manual;
2011/08/11 13:39:06.0203 3456 ================================================================================
2011/08/11 13:39:06.0734 3456 ACPI (94ddd4b3acbd7a9558e1762cd58386f9) C:\WINDOWS\System32\DRIVERS\ACPI.sys
2011/08/11 13:39:06.0843 3456 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\System32\drivers\ACPIEC.sys
2011/08/11 13:39:06.0984 3456 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\System32\drivers\aeaudio.sys
2011/08/11 13:39:07.0125 3456 aec (ff773feda15e8bd97fd54fe87a0acdbe) C:\WINDOWS\System32\drivers\aec.sys
2011/08/11 13:39:07.0250 3456 AFD (51b1872b62d1c335bac53313913c8d5b) C:\WINDOWS\System32\drivers\afd.sys
2011/08/11 13:39:07.0375 3456 agp440 (65880045c51aa36184841cee915a61df) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/08/11 13:39:07.0968 3456 AsyncMac (03f403b07a884fc2aa54a0916c410931) C:\WINDOWS\System32\DRIVERS\asyncmac.sys
2011/08/11 13:39:08.0093 3456 atapi (95b858761a00e1d4f81f79a0da019aca) C:\WINDOWS\System32\DRIVERS\atapi.sys
2011/08/11 13:39:08.0281 3456 Atmarpc (8d735ca1cbdb0081b0e3b9ff0eb222d0) C:\WINDOWS\System32\DRIVERS\atmarpc.sys
2011/08/11 13:39:08.0437 3456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\System32\DRIVERS\audstub.sys
2011/08/11 13:39:08.0546 3456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\System32\drivers\Beep.sys
2011/08/11 13:39:08.0859 3456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\drivers\cbidf2k.sys
2011/08/11 13:39:09.0000 3456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\System32\drivers\Cdaudio.sys
2011/08/11 13:39:09.0125 3456 Cdfs (049a38451f2611caf2fd528e023a0b5a) C:\WINDOWS\System32\drivers\Cdfs.sys
2011/08/11 13:39:09.0218 3456 Cdrom (6506e033ad04cfec9ee56dbefd1083dd) C:\WINDOWS\System32\DRIVERS\cdrom.sys
2011/08/11 13:39:09.0765 3456 Disk (d1b16340ceaceecbf52340a0cbdf43e1) C:\WINDOWS\System32\DRIVERS\disk.sys
2011/08/11 13:39:09.0953 3456 dmboot (e18132d39407aadca6b1d19adf408a8a) C:\WINDOWS\System32\drivers\dmboot.sys
2011/08/11 13:39:10.0093 3456 dmio (aca44e9a8e2ff7c833664263c8478629) C:\WINDOWS\System32\drivers\dmio.sys
2011/08/11 13:39:10.0218 3456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\System32\drivers\dmload.sys
2011/08/11 13:39:10.0296 3456 DMusic (ef05974d47d56fa8387f170f05bae5e7) C:\WINDOWS\System32\drivers\DMusic.sys
2011/08/11 13:39:10.0468 3456 drmkaud (fd859e517fa2abb53654afa7ec9e3a94) C:\WINDOWS\System32\drivers\drmkaud.sys
2011/08/11 13:39:10.0578 3456 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\System32\DRIVERS\e100b325.sys
2011/08/11 13:39:10.0687 3456 Fastfat (e4a3a8f3e60b542a747b10e86faa5dad) C:\WINDOWS\System32\drivers\Fastfat.sys
2011/08/11 13:39:10.0765 3456 Fdc (19c5c7eac0190a42522290bf002f64ea) C:\WINDOWS\System32\DRIVERS\fdc.sys
2011/08/11 13:39:10.0859 3456 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\System32\drivers\Fips.sys
2011/08/11 13:39:10.0937 3456 Flpydisk (8f70d1f7606f7442e2f7383f3701d728) C:\WINDOWS\System32\drivers\Flpydisk.sys
2011/08/11 13:39:11.0250 3456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\System32\drivers\fltmgr.sys
2011/08/11 13:39:11.0515 3456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\System32\drivers\Fs_Rec.sys
2011/08/11 13:39:11.0609 3456 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\System32\DRIVERS\ftdisk.sys
2011/08/11 13:39:11.0703 3456 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys
2011/08/11 13:39:11.0812 3456 Gpc (13591e0a02e85de2a388f3ec4bd206df) C:\WINDOWS\System32\DRIVERS\msgpc.sys
2011/08/11 13:39:12.0281 3456 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\System32\DRIVERS\hidusb.sys
2011/08/11 13:39:12.0437 3456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\System32\Drivers\HTTP.sys
2011/08/11 13:39:12.0609 3456 i8042prt (7080f46568108cc6ea73e460ee6ee702) C:\WINDOWS\System32\DRIVERS\i8042prt.sys
2011/08/11 13:39:12.0703 3456 Imapi (3cb4410747f2330d97b10b656d5bb2ac) C:\WINDOWS\System32\DRIVERS\imapi.sys
2011/08/11 13:39:12.0859 3456 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\System32\DRIVERS\IntelC51.sys
2011/08/11 13:39:13.0171 3456 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\System32\DRIVERS\IntelC52.sys
2011/08/11 13:39:13.0453 3456 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\System32\DRIVERS\IntelC53.sys
2011/08/11 13:39:13.0562 3456 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\System32\DRIVERS\intelppm.sys
2011/08/11 13:39:13.0640 3456 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\System32\drivers\ip6fw.sys
2011/08/11 13:39:13.0718 3456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
2011/08/11 13:39:13.0796 3456 IpInIp (f56dd863ba732a4e8ee58d486c31250f) C:\WINDOWS\System32\DRIVERS\ipinip.sys
2011/08/11 13:39:13.0859 3456 IpNat (fc672ad6e9676814a0c844912f2abcff) C:\WINDOWS\System32\DRIVERS\ipnat.sys
2011/08/11 13:39:13.0953 3456 IPSec (1c4802409cfd4a7051f458b744cfcaa5) C:\WINDOWS\System32\DRIVERS\ipsec.sys
2011/08/11 13:39:14.0031 3456 IRENUM (b43201394646b7e98c89056edda686b5) C:\WINDOWS\System32\DRIVERS\irenum.sys
2011/08/11 13:39:14.0140 3456 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\System32\DRIVERS\isapnp.sys
2011/08/11 13:39:14.0437 3456 Kbdclass (1e7f78c2fc393356cd884c6fde7966f9) C:\WINDOWS\System32\DRIVERS\kbdclass.sys
2011/08/11 13:39:14.0703 3456 kbdhid (4e33c6dea3bcc50776f02a1c1ae28671) C:\WINDOWS\System32\DRIVERS\kbdhid.sys
2011/08/11 13:39:14.0812 3456 kmixer (10e0feb086d8c1419b958c9034e4668a) C:\WINDOWS\System32\drivers\kmixer.sys
2011/08/11 13:39:14.0921 3456 KSecDD (abc70e8b89cce44731a346deb764bf95) C:\WINDOWS\System32\drivers\KSecDD.sys
2011/08/11 13:39:15.0031 3456 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/11 13:39:15.0109 3456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\System32\drivers\mnmdd.sys
2011/08/11 13:39:15.0234 3456 Modem (7760873e4ec17f288e61f00044dea000) C:\WINDOWS\System32\drivers\Modem.sys
2011/08/11 13:39:15.0312 3456 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\System32\drivers\MODEMCSA.sys
2011/08/11 13:39:15.0390 3456 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\System32\DRIVERS\mohfilt.sys
2011/08/11 13:39:15.0484 3456 Mouclass (81fb25d6ee5e0728d2c0630c58d7d908) C:\WINDOWS\System32\DRIVERS\mouclass.sys
2011/08/11 13:39:15.0578 3456 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\System32\DRIVERS\mouhid.sys
2011/08/11 13:39:15.0687 3456 MountMgr (d4face53a1c48cf8419b4cf494d2ee2e) C:\WINDOWS\System32\drivers\MountMgr.sys
2011/08/11 13:39:15.0765 3456 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\System32\DRIVERS\MpFilter.sys
2011/08/11 13:39:15.0906 3456 MpKsl7c58938c (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl7c58938c.sys
2011/08/11 13:39:16.0187 3456 MRxDAV (d30cba20cc355d3648b9fed5bb55a9d5) C:\WINDOWS\System32\DRIVERS\mrxdav.sys
2011/08/11 13:39:16.0296 3456 MRxSmb (7a3a2be44e12e2abde1af891e83ac130) C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
2011/08/11 13:39:16.0468 3456 Msfs (a1831538e119363d0d90d757ac8a2012) C:\WINDOWS\System32\drivers\Msfs.sys
2011/08/11 13:39:16.0562 3456 MSKSSRV (9686ded76afb73b48905c77a002c3ad5) C:\WINDOWS\System32\drivers\MSKSSRV.sys
2011/08/11 13:39:16.0671 3456 MSPCLOCK (bd8a0dcf208c27e20416bf9e8aed9cf9) C:\WINDOWS\System32\drivers\MSPCLOCK.sys
2011/08/11 13:39:16.0750 3456 MSPQM (f6a726b8832db1f88326b8be98b11981) C:\WINDOWS\System32\drivers\MSPQM.sys
2011/08/11 13:39:16.0859 3456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\System32\DRIVERS\mssmbios.sys
2011/08/11 13:39:16.0937 3456 Mup (08c56887f06473b09fc1b39e7dec0fb6) C:\WINDOWS\System32\drivers\Mup.sys
2011/08/11 13:39:17.0078 3456 NDIS (09b38768036508b51564201afb000950) C:\WINDOWS\System32\drivers\NDIS.sys
2011/08/11 13:39:17.0156 3456 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\System32\DRIVERS\ndistapi.sys
2011/08/11 13:39:17.0234 3456 Ndisuio (ac136fdc051a57e5f8f93694fce2b240) C:\WINDOWS\System32\DRIVERS\ndisuio.sys
2011/08/11 13:39:17.0312 3456 NdisWan (15787deca8c5428beeaa8044f544fd85) C:\WINDOWS\System32\DRIVERS\ndiswan.sys
2011/08/11 13:39:17.0656 3456 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\System32\drivers\NDProxy.sys
2011/08/11 13:39:17.0937 3456 NetBIOS (e351339fa17c4a70940e15b5e3dae6e2) C:\WINDOWS\System32\DRIVERS\netbios.sys
2011/08/11 13:39:18.0031 3456 NetBT (d96f3bc5a6e7452b0e3275b560dc8528) C:\WINDOWS\System32\DRIVERS\netbt.sys
2011/08/11 13:39:18.0140 3456 Npfs (20aba9f035e3a98877480e34fcc4dcb3) C:\WINDOWS\System32\drivers\Npfs.sys
2011/08/11 13:39:18.0265 3456 Ntfs (e3ae9c79498210a5f39fe5a9ad62bc55) C:\WINDOWS\System32\drivers\Ntfs.sys
2011/08/11 13:39:18.0390 3456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\System32\drivers\Null.sys
2011/08/11 13:39:18.0734 3456 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
2011/08/11 13:39:19.0000 3456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
2011/08/11 13:39:19.0093 3456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
2011/08/11 13:39:19.0187 3456 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/08/11 13:39:19.0265 3456 Parport (67fd105f525a94c0246c9088e85a2f3b) C:\WINDOWS\System32\DRIVERS\parport.sys
2011/08/11 13:39:19.0359 3456 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\System32\drivers\PartMgr.sys
2011/08/11 13:39:19.0828 3456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\System32\drivers\ParVdm.sys
2011/08/11 13:39:19.0937 3456 PCI (9390447f3b1be5064a3ebe98c555a1e5) C:\WINDOWS\System32\DRIVERS\pci.sys
2011/08/11 13:39:20.0031 3456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/08/11 13:39:20.0171 3456 Pcmcia (4ca446e011e2f61ac45eb2e3bc3f1584) C:\WINDOWS\System32\drivers\Pcmcia.sys
2011/08/11 13:39:20.0546 3456 PptpMiniport (fed674d73eb56c35444f701e847bf85b) C:\WINDOWS\System32\DRIVERS\raspptp.sys
2011/08/11 13:39:20.0656 3456 Processor (0f8a31ab9d8963f66ad93d3f69a1914c) C:\WINDOWS\System32\DRIVERS\processr.sys
2011/08/11 13:39:20.0750 3456 PSched (944440247fe6988c88b376ed85a0cd1a) C:\WINDOWS\System32\DRIVERS\psched.sys
2011/08/11 13:39:26.0921 3456 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/11 13:39:26.0921 3456 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/11 13:39:26.0937 3456 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
2011/08/11 13:39:26.0937 3456 Boot (0x1200) (b2e968637cbaba5a1494ae36dad517c6) \Device\Harddisk0\DR0\Partition0
2011/08/11 13:39:26.0953 3456 Boot (0x1200) (de11325ecf8253232c7a6e726cfd0fcf) \Device\Harddisk1\DR3\Partition0
2011/08/11 13:39:26.0968 3456 ================================================================================
2011/08/11 13:39:26.0968 3456 Scan finished
2011/08/11 13:39:26.0968 3456 ================================================================================
2011/08/11 13:39:26.0968 3448 Detected object count: 1
2011/08/11 13:39:26.0968 3448 Actual detected object count: 1
2011/08/11 13:39:37.0687 3448 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/11 13:39:37.0687 3448 \Device\Harddisk0\DR0 - ok
2011/08/11 13:39:37.0687 3448 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/11 13:40:26.0937 3396 Deinitialize success


========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\DAVE\Local Settings\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1 moved successfully.
C:\Documents and Settings\All Users\Application Data\b5qd4s4dm0c6py7b1st7v0i1v82y3085l6f0wt1 moved successfully.
C:\Documents and Settings\All Users\Application Data\htqd.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\gqpc.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\galm.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\efkr.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Documents and Settings\DAVE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAVE\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\DAVE\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\DAVE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (4294967296)

[EMPTYFLASH]

User: All Users

User: DAVE
->Flash cache emptied: 668 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08112011_135703

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Yep, that found the TDL4 culprit.

Let's try to run a scan with ComboFix now.


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0

#9
njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Not much difference, still blocked from MS updates and my MS Essentials is locked down.

ComboFix 11-08-12.01 - DAVE 08/12/2011 15:21:08.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.2047.1649 [GMT -4:00]
Running from: c:\documents and settings\DAVE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\DAVE\GoToAssistDownloadHelper.exe
c:\documents and settings\DAVE\Local Settings\Application Data\odlq.exe
c:\documents and settings\DAVE\Local Settings\Application Data\txpi.exe
c:\documents and settings\DAVE\Local Settings\Application Data\uqki.exe
c:\documents and settings\DAVE\Local Settings\Application Data\vddw.exe
c:\program files\Internet Explorer\SET65.tmp
c:\program files\Internet Explorer\SET6A.tmp
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\_003509_.tmp.dll
c:\windows\system32\_003510_.tmp.dll
c:\windows\system32\_003511_.tmp.dll
c:\windows\system32\_003512_.tmp.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll
.
--------
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_6TO4
-------\Service_6to4
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-11 18:11 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1040424-9CBC-48F0-BCE6-6A5D82D56297}\mpengine.dll
2011-08-10 13:42 . 2011-08-10 13:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2011-08-09 20:48 . 2011-08-09 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\PCHealth
2011-08-09 20:29 . 2001-08-18 02:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-08-09 20:29 . 2001-08-18 02:36 9728 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpapi.dll
2011-08-09 20:29 . 2001-08-18 02:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-08-09 20:29 . 2001-08-18 02:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-08-09 20:29 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-08-09 20:29 . 2001-08-18 02:36 205824 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll
2011-08-09 20:29 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2011-08-09 20:29 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-08-09 20:29 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-08-09 20:27 . 2002-05-14 16:08 208896 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-08-09 20:18 . 2003-07-16 20:48 40960 ----a-w- c:\program files\Internet Explorer\Connection Wizard\trialoc.dll
2011-08-09 20:18 . 2003-07-16 20:30 45056 -c--a-w- c:\windows\system32\dllcache\icwutil.dll
2011-08-09 20:18 . 2003-07-16 20:30 45056 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwutil.dll
2011-08-09 20:18 . 2003-07-16 20:30 24576 -c--a-w- c:\windows\system32\dllcache\icwrmind.exe
2011-08-09 20:18 . 2003-07-16 20:30 24576 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwrmind.exe
2011-08-09 20:18 . 2003-07-16 20:30 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
2011-08-09 20:18 . 2003-07-16 20:30 61440 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwres.dll
2011-08-09 20:18 . 2003-07-16 20:30 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
2011-08-09 20:18 . 2003-07-16 20:30 73728 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwtutor.exe
2011-08-09 20:18 . 2003-07-16 20:30 155648 -c--a-w- c:\windows\system32\dllcache\icwhelp.dll
2011-08-09 20:18 . 2003-07-16 20:30 155648 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwhelp.dll
2011-08-09 20:18 . 2003-07-16 20:30 57344 -c--a-w- c:\windows\system32\dllcache\icwconn.dll
2011-08-09 20:18 . 2003-07-16 20:30 57344 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn.dll
2011-08-09 20:17 . 2003-07-16 20:53 189440 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-09 20:17 . 2003-07-16 20:53 139776 ----a-w- c:\windows\system32\wuauclt.exe
2011-08-09 20:12 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-08-09 20:12 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-08-09 20:12 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2011-08-09 20:12 . 2003-07-16 20:54 7046 ----a-r- c:\windows\SET4F.tmp
2011-08-09 20:12 . 2003-07-16 20:30 13608 ----a-r- c:\windows\SET3C.tmp
2011-08-09 20:12 . 2003-07-16 20:39 1086182 ----a-r- c:\windows\SET30.tmp
2011-08-09 18:49 . 2003-07-16 20:54 7046 ----a-r- c:\windows\SET63.tmp
2011-08-09 18:49 . 2003-07-16 20:30 13608 ----a-r- c:\windows\SET51.tmp
2011-08-09 18:49 . 2003-07-16 20:39 1086182 ----a-r- c:\windows\SET45.tmp
2011-08-09 16:51 . 2011-08-09 16:51 -------- d-----w- C:\_OTL
2011-08-09 15:50 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-09 15:50 . 2011-08-09 15:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-08-09 15:40 . 2003-07-16 20:42 17408 ----a-w- c:\windows\system32\qmgrprxy.dll
2011-08-09 15:39 . 2003-07-16 20:41 272896 ----a-w- c:\program files\Windows NT\Pinball\PINBALL.EXE
2011-08-09 15:38 . 2002-08-29 05:06 182400 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2011-08-09 15:37 . 2001-08-17 17:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-08-09 15:37 . 2002-08-29 05:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-08-09 15:36 . 2002-08-29 05:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-09 15:21 . 2001-08-18 02:37 117248 ----a-w- c:\windows\system32\ksproxy.ax
2011-08-09 15:21 . 2001-08-18 02:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-08-09 15:20 . 2002-08-29 07:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-08-09 15:19 . 2003-07-16 20:43 696320 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2011-08-09 15:19 . 2003-07-16 20:24 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2011-08-09 15:19 . 2003-07-16 20:23 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2011-08-09 15:19 . 2003-07-16 20:23 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2011-08-09 15:19 . 2003-07-16 20:30 10496 ----a-w- c:\windows\system32\drivers\irenum.sys
2011-08-09 15:19 . 2003-07-16 20:51 132096 ----a-w- c:\windows\system\WINSPOOL.DRV
2011-08-09 15:19 . 2002-08-29 07:41 71168 ----a-w- c:\windows\system32\storprop.dll
2011-08-06 14:55 . 2011-08-06 14:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-04 14:16 . 2011-07-20 08:35 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-04 14:09 . 2011-08-04 14:09 -------- d-----w- c:\documents and settings\DAVE\Application Data\Malwarebytes
2011-08-04 14:08 . 2011-07-08 11:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 14:08 . 2011-08-04 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-04 14:08 . 2011-07-08 11:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 14:08 . 2011-08-04 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 13:44 . 2011-08-04 13:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-29 18:04 . 2011-08-06 18:25 -------- d-----w- c:\program files\Coupons
2011-07-28 17:55 . 2011-07-28 17:58 -------- d-----w- c:\documents and settings\DAVE\Local Settings\Application Data\PhotoChannel
2011-07-27 22:00 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 08:41 . 2011-04-16 12:34 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-13 03:39 . 2011-03-05 23:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-29 12:49 . 2011-06-11 16:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2003-07-28 323584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" /background
"NvMediaCenter"="RUNDLL32.EXE" c:\windows\System32\NVMCTRAY.DLL,NvTaskbarInit
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"="nwiz.exe" /install
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2/10/2011 11:22 AM 10064]
S1 MpKsl74e1d365;MpKsl74e1d365;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl74e1d365.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl74e1d365.sys [?]
S1 MpKslfff299a4;MpKslfff299a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC227AF4-495E-44A7-88D5-C091F8B32D31}\MpKslfff299a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC227AF4-495E-44A7-88D5-C091F8B32D31}\MpKslfff299a4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 4:41 PM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/4/2011 10:08 AM 366640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [7/20/2011 4:38 AM 1526592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 4:41 PM 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/4/2011 10:08 AM 22712]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 20:41]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 20:41]
.
2011-08-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-08-12 c:\windows\Tasks\User_Feed_Synchronization-{4CE79A16-1219-4577-AE0A-F74FF62B600B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 15:32
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\msctfime.ime
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(3260)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\msctfime.ime
c:\windows\System32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2011-08-12 15:37:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-12 19:37
.
Pre-Run: 49,165,144,064 bytes free
Post-Run: 49,359,589,376 bytes free
.
- - End Of File - - 4AFF0DB3CA0B10478A4328A0319F5454
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Okay. Please run this fix.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\SET4F.tmp
c:\windows\SET3C.tmp
c:\windows\SET30.tmp
c:\windows\SET63.tmp
c:\windows\SET51.tmp
c:\windows\SET45.tmp

SRPeek::
c:\windows\system32\wscntfy.exe
c:\windows\system32\xmlprov.dll
c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\d3d9.dll

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, and save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0
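The CFScript in the post above is derived from two parts of the ComboFix log in reply #9: the File:: targets are the SETxx.tmp files listed under "Files Created", and the SRPeek:: targets are the system files that Sigcheck reported with no valid signature. The following added Python example (not part of the thread and not ComboFix code) parses a constructed excerpt of that log and regenerates the script; the regular expressions and function names are assumptions of mine.

```python
"""Regenerate the CFScript from an excerpt of the ComboFix log.

Added example for this thread; not ComboFix code and not from the original
posts. The regular expressions and function names below are my own.
"""
import re
from typing import Dict, List

# Constructed excerpt: lines copied from the ComboFix log posted in reply #9.
LOG_EXCERPT = r"""
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
2011-08-09 20:17 . 2003-07-16 20:53 189440 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-09 20:12 . 2003-07-16 20:54 7046 ----a-r- c:\windows\SET4F.tmp
2011-08-09 20:12 . 2003-07-16 20:30 13608 ----a-r- c:\windows\SET3C.tmp
2011-08-09 20:12 . 2003-07-16 20:39 1086182 ----a-r- c:\windows\SET30.tmp
2011-08-09 18:49 . 2003-07-16 20:54 7046 ----a-r- c:\windows\SET63.tmp
2011-08-09 18:49 . 2003-07-16 20:30 13608 ----a-r- c:\windows\SET51.tmp
2011-08-09 18:49 . 2003-07-16 20:39 1086182 ----a-r- c:\windows\SET45.tmp
2011-08-09 16:51 . 2011-08-09 16:51 -------- d-----w- C:\_OTL
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
"""

# "Files Created" entry: created-stamp . modified-stamp size attributes path
# (size is "--------" for directories; the path may contain spaces).
FILE_CREATED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S+) (?P<path>.+)$"
)
# Sigcheck entry with no valid signature: [-] date . MD5 . size . . [version] . . path
SIGCHECK_UNSIGNED = re.compile(
    r"^\[-\] (\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) \. \. "
    r"\[(?P<version>[^\]]+)\] \. \. (?P<path>.+)$"
)
INFECTED = re.compile(r"^Infected copy of (?P<path>\S+) was found and disinfected$")
# Stray setup temp files in the Windows root, the ones the File:: section targets.
SETUP_TMP = re.compile(r"^c:\\windows\\SET[0-9A-F]+\.tmp$", re.IGNORECASE)


def parse_log(text: str) -> Dict[str, List]:
    """Pull the facts the helper used out of the log text."""
    created: List[str] = []
    unsigned: List[Dict[str, str]] = []
    disinfected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_CREATED.match(line)
        if m:
            created.append(m.group("path"))
            continue
        m = SIGCHECK_UNSIGNED.match(line)
        if m:
            unsigned.append({"path": m.group("path"), "md5": m.group("md5").upper(),
                             "version": m.group("version")})
            continue
        m = INFECTED.match(line)
        if m:
            # qmgr.dll is the BITS service DLL that Windows Update relies on,
            # which matches the "blocked from MS updates" symptom in the thread.
            disinfected.append(m.group("path"))
    return {"created": created, "unsigned": unsigned, "disinfected": disinfected}


def stray_setup_temps(paths: List[str]) -> List[str]:
    """Keep only c:\\windows\\SETxx.tmp entries, in log order."""
    return [p for p in paths if SETUP_TMP.match(p)]


def build_cfscript(parsed: Dict[str, List]) -> str:
    """Assemble the CFScript: KillAll::, File:: targets, then SRPeek:: targets."""
    lines = ["KillAll::", "File::"]
    lines += stray_setup_temps(parsed["created"])
    lines += ["", "SRPeek::"]
    lines += [entry["path"] for entry in parsed["unsigned"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = parse_log(LOG_EXCERPT)
    print("disinfected:", result["disinfected"])
    print(build_cfscript(result))
```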

#11
njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
ComboFix 11-08-12.01 - DAVE 08/12/2011 17:04:29.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.2047.1671 [GMT -4:00]
Running from: c:\documents and settings\DAVE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAVE\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\SET30.tmp"
"c:\windows\SET3C.tmp"
"c:\windows\SET45.tmp"
"c:\windows\SET4F.tmp"
"c:\windows\SET51.tmp"
"c:\windows\SET63.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SET30.tmp
c:\windows\SET3C.tmp
c:\windows\SET45.tmp
c:\windows\SET4F.tmp
c:\windows\SET51.tmp
c:\windows\SET63.tmp
.
Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\$NtUninstallKB842773$\qmgr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2011-08-12 19:37 . 2004-08-03 18:03 167704 ----a-w- c:\windows\system32\wuaucpl.cpl
2011-08-11 18:11 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1040424-9CBC-48F0-BCE6-6A5D82D56297}\mpengine.dll
2011-08-10 13:42 . 2011-08-10 13:42 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2011-08-09 20:48 . 2011-08-09 20:48 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\PCHealth
2011-08-09 20:28 . 2003-07-16 20:33 6656 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-08-09 20:27 . 2002-05-14 16:08 208896 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-08-09 20:18 . 2003-07-16 20:48 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
2011-08-09 20:17 . 2004-08-03 18:07 1081112 ----a-w- c:\windows\system32\wuaueng.dll
2011-08-09 20:17 . 2004-08-03 18:02 113944 ----a-w- c:\windows\system32\wuauclt.exe
2011-08-09 20:12 . 2003-07-16 20:46 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-08-09 20:12 . 2003-07-16 20:46 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-08-09 20:12 . 2003-07-16 20:30 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-08-09 20:12 . 2003-07-16 20:30 13312 ----a-w- c:\windows\system32\irclass.dll
2011-08-09 16:51 . 2011-08-09 16:51 -------- d-----w- C:\_OTL
2011-08-09 15:50 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-08-09 15:50 . 2011-08-09 15:50 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2011-08-09 15:40 . 2003-07-16 20:42 17408 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2011-08-09 15:39 . 2003-07-16 20:41 272896 -c--a-w- c:\windows\system32\dllcache\pinball.exe
2011-08-09 15:38 . 2002-08-29 05:06 182400 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2011-08-09 15:37 . 2001-08-17 17:59 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-08-09 15:37 . 2002-08-29 05:32 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-08-09 15:36 . 2002-08-29 05:27 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-09 15:21 . 2001-08-18 02:37 117248 ----a-w- c:\windows\system32\ksproxy.ax
2011-08-09 15:21 . 2001-08-18 02:36 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-08-09 15:20 . 2002-08-29 07:46 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
2011-08-09 15:19 . 2003-07-16 20:43 696320 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2011-08-09 15:19 . 2003-07-16 20:43 696320 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapi.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2011-08-09 15:19 . 2003-07-16 20:24 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2011-08-09 15:19 . 2003-07-16 20:24 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2011-08-09 15:19 . 2003-07-16 20:23 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2011-08-09 15:19 . 2003-07-16 20:23 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll
2011-08-09 15:19 . 2003-07-16 20:30 10496 -c--a-w- c:\windows\system32\dllcache\irenum.sys
2011-08-09 15:19 . 2003-07-16 20:30 10496 ----a-w- c:\windows\system32\drivers\irenum.sys
2011-08-09 15:19 . 2003-07-16 20:51 132096 ----a-w- c:\windows\system\WINSPOOL.DRV
2011-08-09 15:19 . 2002-08-29 07:41 71168 ----a-w- c:\windows\system32\storprop.dll
2011-08-06 14:55 . 2011-08-06 14:56 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-08-04 14:16 . 2011-07-20 08:35 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-04 14:09 . 2011-08-04 14:09 -------- d-----w- c:\documents and settings\DAVE\Application Data\Malwarebytes
2011-08-04 14:08 . 2011-07-08 11:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 14:08 . 2011-08-04 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-04 14:08 . 2011-07-08 11:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 14:08 . 2011-08-04 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 13:44 . 2011-08-04 13:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-29 18:04 . 2011-08-06 18:25 -------- d-----w- c:\program files\Coupons
2011-07-28 17:55 . 2011-07-28 17:58 -------- d-----w- c:\documents and settings\DAVE\Local Settings\Application Data\PhotoChannel
2011-07-27 22:00 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 08:41 . 2011-04-16 12:34 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-07-13 03:39 . 2011-03-05 23:15 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-29 12:49 . 2011-06-11 16:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-08-12_19.32.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-12 21:12 . 2011-08-12 21:12 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2003-07-16 20:25 . 2004-08-03 18:00 71448 c:\windows\system32\dllcache\cdm.dll
- 2011-08-12 19:32 . 2011-08-12 19:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-12 19:32 . 2011-08-12 19:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-07 23:07 . 2011-08-12 19:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-07 23:07 . 2011-08-12 19:31 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-07-16 20:25 . 2004-08-03 18:00 71448 c:\windows\system32\cdm.dll
+ 2003-07-16 20:30 . 2004-08-03 18:04 185624 c:\windows\system32\iuengine.dll
+ 2011-08-09 20:17 . 2004-08-03 18:02 113944 c:\windows\system32\dllcache\wuauclt.exe
+ 2003-07-16 20:30 . 2004-08-03 18:04 185624 c:\windows\system32\dllcache\iuengine.dll
- 2010-01-07 23:07 . 2011-08-12 19:31 147456 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-07 23:07 . 2011-08-12 19:41 147456 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-09 20:17 . 2004-08-03 18:07 1081112 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2003-07-28 323584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" /background
"NvMediaCenter"="RUNDLL32.EXE" c:\windows\System32\NVMCTRAY.DLL,NvTaskbarInit
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"="nwiz.exe" /install
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2/10/2011 11:22 AM 10064]
S1 MpKsl74e1d365;MpKsl74e1d365;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl74e1d365.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{05350E50-1F42-40F4-A0F0-D18BC43B4814}\MpKsl74e1d365.sys [?]
S1 MpKslfff299a4;MpKslfff299a4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC227AF4-495E-44A7-88D5-C091F8B32D31}\MpKslfff299a4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FC227AF4-495E-44A7-88D5-C091F8B32D31}\MpKslfff299a4.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 4:41 PM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/4/2011 10:08 AM 366640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [7/20/2011 4:38 AM 1526592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 4:41 PM 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/4/2011 10:08 AM 22712]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 20:41]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 20:41]
.
2011-08-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
2011-08-12 c:\windows\Tasks\User_Feed_Synchronization-{4CE79A16-1219-4577-AE0A-F74FF62B600B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-12 17:13
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\System32\ODBC32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\msctfime.ime
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(2960)
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
c:\windows\System32\msctfime.ime
c:\windows\System32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2011-08-12 17:17:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-12 21:17
ComboFix2.txt 2011-08-12 19:37
.
Pre-Run: 49,345,134,592 bytes free
Post-Run: 49,350,156,288 bytes free
.
- - End Of File - - 08B25E02DA8A46C0CFF89B8C3F1C6DB2
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
How are things running? Any change? Do you happen to have your Windows XP disc?
  • 0

#13
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
It seems to be running a lot faster & smoother; the service pack went back to SP1, so I'm in the process of updating (doing svc pk3 now).
Windows Essentials still isn't running; planning on uninstalling it & reinstalling it.
How does my log look?

Thanks for everything!
  • 0

#14
njlock

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Update: seems to be back alive. MS Essentials loaded up without need to reinstall, ran scan, all's well. Doing all the necessary XP security updates. Seems better than it ever was.
Thanks for all your help.
you mentioned that it might not be 100% secure even after all this. Do I need to worry about this?
It seems like MS Essentials wasn't good enough to protect me from this; do you recommend any other anti-virus or malware software?
  • 0

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Glad to hear that things are running better!

I'm going to ask that you run through some additional scans to ensure that we've gotten it all.


you mentioned that it might not be 100% secure even after all this. Do I need to worry about this?

Yes, I'd still worry about that.


It seems like MS Essentials wasn't good enough to protect me from this; do you recommend any other anti-virus or malware software?

Microsoft Security Essentials is a pretty good Anti-Virus program to use. The best way to prevent becoming infected is to practice safe browsing. I'll cover this topic a little more later on.

But let's run those other scans now.

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0
