Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Black Screen and background music

Started by ugrinwa , Oct 02 2011 07:43 PM

This topic is locked

#1
ugrinwa

Posted 02 October 2011 - 07:43 PM

Member

Member
52 posts

Hi there members.
I am hoping that someone can help me please.
Last night while working on my desktop pc running Windows Vista Service Pack 2 strange occurrence began to take place.

Windows error alerts began popping up on my screen by the dozens.
IE was taking me to incorrect pages when performing Google searches.
When I tried to reboot, my desktop was all black and all my personal icons were missing.
From the start menu there was also no icons being displayed and it was just blank.
I kept noticing one Lavasoft Ad-Aware pop up prompting me to upgrade but the cancel button was greyed out so there was really no choice but to click through. I just minimized it not wanting to make matters worse.
I re-booted in safe mode and did a system restore to three days ago and that made my icons on my desktop return and I no longer see a black screen but still feels like I am infected.
For no reason, I start hearing radio and music as if I were streaming from a live radio station but see no other software program that is open.
It happens sporadically and goes in and out. I tried looking at my processes running at the time but see nothing out of the ordinary at least for my untrained eye.
I ran the OTL log posted below.
Please please help me get through this. Appreciate your response in advance.

Thanks,

OTL Log:

OTL logfile created on: 02/10/2011 4:50:37 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\zeev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.68% Memory free
4.23 Gb Paging File | 2.84 Gb Available in Paging File | 67.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 140.55 Gb Free Space | 63.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.25% Space Free | Partition Type: NTFS

Computer Name: ZEEV-PC | User Name: zeev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
PRC - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/06/11 20:08:10 | 000,669,936 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/10 03:03:42 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/16 03:41:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/09/16 03:13:21 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/16 03:13:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/06/11 20:08:12 | 001,640,216 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
MOD - [2011/06/11 20:08:12 | 000,090,592 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2011/06/11 20:08:10 | 000,669,936 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/11 20:08:08 | 001,036,104 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 20:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/08/06 07:25:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/06 07:25:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/30 08:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/06 20:10:34 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/08/29 07:08:16 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/07/11 06:05:32 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/07/10 03:03:44 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=3070829

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-yma3&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {8C2374C3-4E21-43CD-A410-4B6BFE56C02C}:1.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-yma3&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}: C:\Users\zeev\AppData\Local\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C} [2011/10/02 16:04:36 | 000,000,000 | ---D | M]

[2009/02/28 21:49:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Extensions
[2011/09/29 09:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions
[2011/10/02 16:04:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 16:04:39 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\[email protected]
[2011/04/16 10:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/23 05:11:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/02/28 21:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/10/02 16:04:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}

O1 HOSTS File: ([2010/03/10 04:28:38 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.interacti...checker_l1.htm" File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: agentware.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: sabre.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ujafed.org ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B7C49732-4761-4A66-9945-BAF55E98E0E4} https://ve1.verint.c...lient/JDsAx.cab (COCKPIT Client)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD3A2939-7451-40E7-B6D7-CAAD955173CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e1bca88a-992e-11dd-94f6-0019d19185f4}\Shell\AutoRun\command - "" = H:\PMB_P.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/02 16:49:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
[2011/10/02 16:39:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 16:39:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 16:14:32 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001UA.job
[2011/10/02 16:13:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001Core.job
[2011/10/02 16:11:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19A89B08-65C3-4B47-B064-67D7AE5FCC06}.job
[2011/10/02 16:07:24 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/02 16:07:24 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/02 16:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/02 15:51:39 | 000,000,680 | ---- | M] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2011/10/01 22:14:51 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/10/01 16:46:13 | 000,001,808 | -H-- | M] () -- C:\Users\zeev\Documents\Default.rdp
[2011/09/27 17:40:48 | 000,000,117 | -H-- | M] () -- C:\Users\zeev\Desktop\Welcome to edline.net.URL
[2011/09/26 20:08:04 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/09/25 17:18:54 | 000,002,627 | ---- | M] () -- C:\Users\zeev\Desktop\Microsoft Office Word 2007.lnk
[2011/09/21 16:00:51 | 000,000,226 | -H-- | M] () -- C:\Users\zeev\Desktop\Staff Bulletin Board.url
[2011/09/21 01:14:45 | 000,002,078 | ---- | M] () -- C:\Users\zeev\Desktop\Google Chrome.lnk
[2011/09/21 01:14:45 | 000,002,040 | ---- | M] () -- C:\Users\zeev\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/16 03:10:54 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/16 03:10:54 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/04 19:01:12 | 000,000,138 | -H-- | M] () -- C:\Users\zeev\Desktop\Bialik Hebrew Day School Mail.url

========== Files Created - No Company Name ==========

[2011/10/02 16:07:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/02 16:07:24 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/01 22:11:45 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/01 22:11:44 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/01 22:11:02 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/06 15:08:07 | 000,000,226 | -H-- | C] () -- C:\Users\zeev\Desktop\Staff Bulletin Board.url
[2011/09/04 19:08:48 | 000,000,117 | -H-- | C] () -- C:\Users\zeev\Desktop\Welcome to edline.net.URL
[2011/09/04 19:01:12 | 000,000,138 | -H-- | C] () -- C:\Users\zeev\Desktop\Bialik Hebrew Day School Mail.url
[2011/04/16 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/27 03:43:21 | 000,035,565 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010/07/27 03:04:42 | 000,035,565 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/21 16:39:39 | 000,000,680 | ---- | C] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2010/03/19 18:45:46 | 000,000,120 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Mzocoyem.dat
[2010/03/19 18:45:46 | 000,000,000 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Rtodozaz.bin
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\Users\zeev\AppData\Local\48531I0
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\ProgramData\48531I0
[2010/03/19 18:42:06 | 000,000,016 | -H-- | C] () -- C:\Users\zeev\AppData\Roaming\jasltw.dat
[2009/09/18 06:02:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 06:02:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/05 03:08:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/05 03:03:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/28 21:52:32 | 000,008,264 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/02/28 21:19:31 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/05/02 17:18:29 | 000,000,057 | ---- | C] () -- C:\Windows\SABRE.INI
[2007/10/13 17:09:55 | 000,000,614 | -H-- | C] () -- C:\Users\zeev\AppData\Roaming\wklnhst.dat
[2007/09/08 18:09:55 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/08 17:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 23:31:18 | 000,047,104 | ---- | C] () -- C:\Users\zeev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,436,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,598,702 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,716 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2009/02/07 21:09:41 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Amazon
[2008/03/01 19:19:05 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\BitSpirit
[2009/02/28 20:47:42 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\eMusic
[2010/05/30 11:57:10 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\GARMIN
[2011/08/07 11:23:29 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Leadertech
[2009/11/15 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\OpenOffice.org
[2011/03/02 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\PCDr
[2011/06/23 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\Sammsoft
[2009/05/01 19:58:29 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\SPAMfighter
[2007/10/13 17:09:57 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Template
[2011/09/26 20:08:04 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/09/16 03:33:35 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/02 16:11:07 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19A89B08-65C3-4B47-B064-67D7AE5FCC06}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/06/07 15:29:53 | 000,014,478 | -H-- | M] ()(C:\Users\zeev\Desktop\???.docx) -- C:\Users\zeev\Desktop\שרה.docx
[2011/05/22 18:58:52 | 000,014,478 | -H-- | C] ()(C:\Users\zeev\Desktop\???.docx) -- C:\Users\zeev\Desktop\שרה.docx
[2011/05/07 12:52:54 | 000,014,958 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2011/05/07 12:52:53 | 000,014,958 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2010/05/09 10:10:03 | 000,027,430 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx
[2010/05/09 10:10:02 | 000,027,430 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\HP_Vista_Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\FirstClass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Anat Pic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2009 2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\OpenOffice.org 3.1 (en-US) Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\My eMusic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\GROUP EMAILS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\CHIDON:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\BellSettings.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\09-TATE'S WORLD'S.mp3:Roxio EMC Stream

< End of report >

#2
CompCav

Posted 03 October 2011 - 02:01 PM

Member 5k

Expert
12,454 posts

Hi, ugrinwa! Welcome to GeeksToGo! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
You must reply within four days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Now let's get started!

Step 1.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 2.

Download OTL to your Desktop or skip to next step if already on your desktop
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Select Use Safe List under Extra Registry
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open OTL.Txt in Notepad window and the Extras.txt file on the task bar.
Please copy (Edit->Select All, Edit->Copy) the content of this file, the Extras.txt file, and post them with your next reply.

Step 3.

Post:
aswMBR log
OTL.txt
Extras.txt

Step 4.

Also please tell me what antivirus scans you have already done and what they found.

#3
ugrinwa

Posted 05 October 2011 - 07:18 PM

Member

Topic Starter
Member
52 posts

Hi CompCav.

Thanks for taking the time to help me out.

I downloaded aswMBR.exe to my desktop but when I tried double clicking it as per your instructions I got the built in security alert from the Windows OS asking if I want to run or cancel this action. When I click run nothing happens.

I thought it might be the user account control setting so I disabled that and my windows fireall setting and rebooted as per the UAC changes to take place. Now there is no shield icon on the aswMBE.exe file on my desktop but I still cant open it?

I also noted that upon restarting pc, Avira AntiVir Personal (Free Edition) popped up with the alert "Avira Malware found Boo/TDss.D was found in Master boot sector of drive Master boot sector HDO" (what is that?) I did not ask it to be removed and just closed box. The I saw two adverts pop up. Both were ARO 2011? Something about cleaning my system from Malware etc. I closed both these boxes as well.

Should I try running aswMBR.exe in safe mode?

Thanks,

Uri

#4
CompCav

Posted 05 October 2011 - 08:08 PM

Member 5k

Expert
12,454 posts

Hi Uri,

I thought it might be the user account control setting so I disabled that and my windows fireall setting and rebooted as per the UAC changes to take place. Now there is no shield icon on the aswMBE.exe file on my desktop but I still cant open it?

Try to right click on it and then run as administrator. But if that does not work do the following steps:

Step 1.

Temporarily disable AdAware AdWatch by following these directions.

Step 2.

Download RogueKiller to your desktop

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 2 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 3.

Do not reboot!

Now delete old aswMBR on your desktop.

Then follow my instructions in post #2 to re-download it, run it, and OTL.

Step 4.

Please include the following logs in your next post:

RKreport.txt
aswMBR log
OTL.txt
Extras.txt

#5
ugrinwa

Posted 09 October 2011 - 09:14 AM

Member

Topic Starter
Member
52 posts

Hi and thanks for your prompt reply.

I proceeded to disable Ad-Aware but it complained of a missing file and would therefore not run.
I then tried to uninstall it from the control panel(add/remove program) but like before this would also not let me.
I then tried to install a new version of Ad-Aware and when I ran that it looks like it found the old one and uninstalled it from my pc.
Next I ran RogueKiller and have the report included below.
I also tried to repeat running aswMBR.exe but it still would not open.
I then ran OTL.exe and have that report below as well.

FYI
While I was responding to this message this browser automatically closed all sessiosn on me and I heard music again from the background.

I hope I was able to make some progress for us.
Thanks.

**********ROGUE REPORT**************
RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: zeev [Admin rights]
Mode: Remove -- Date : 10/09/2011 10:49:41

Bad processes: 0

Registry Entries: 4
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\zeev\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED : ("C:\Program Files\internet explorer\iexplore.exe")

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

************OTL REPORT*****************
OTL logfile created on: 09/10/2011 10:55:18 AM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\zeev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 43.89% Memory free
4.23 Gb Paging File | 2.87 Gb Available in Paging File | 67.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 140.14 Gb Free Space | 62.90% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.25% Space Free | Partition Type: NTFS

Computer Name: ZEEV-PC | User Name: zeev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
PRC - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/10 03:03:42 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/16 03:41:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/09/16 03:13:21 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/16 03:13:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/10/09 10:48:25 | 000,111,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/06 07:25:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/06 07:25:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/30 08:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/06 20:10:34 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/08/29 07:08:16 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/07/11 06:05:32 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/07/10 03:03:44 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=3070829

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-yma3&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {8C2374C3-4E21-43CD-A410-4B6BFE56C02C}:1.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-yma3&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}: C:\Users\zeev\AppData\Local\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C} [2011/10/02 16:04:36 | 000,000,000 | ---D | M]

[2009/02/28 21:49:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Extensions
[2011/10/07 08:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions
[2011/10/02 16:04:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 16:04:39 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\[email protected]
[2011/10/07 08:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/23 05:11:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/02/28 21:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/10/02 16:04:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}

O1 HOSTS File: ([2010/03/10 04:28:38 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.interacti...checker_l1.htm" File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: agentware.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: sabre.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ujafed.org ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B7C49732-4761-4A66-9945-BAF55E98E0E4} https://ve1.verint.c...lient/JDsAx.cab (COCKPIT Client)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD3A2939-7451-40E7-B6D7-CAAD955173CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e1bca88a-992e-11dd-94f6-0019d19185f4}\Shell\AutoRun\command - "" = H:\PMB_P.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/09 10:52:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\zeev\Desktop\aswMBR.exe
[2011/10/09 10:48:24 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\RK_Quarantine
[2011/10/09 10:43:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/06 18:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/05 21:23:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\zeev\Documents\aswMBR.exe
[2011/10/02 16:49:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/10/09 10:52:54 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\zeev\Desktop\aswMBR.exe
[2011/10/09 10:48:25 | 000,111,744 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/09 10:47:47 | 000,723,968 | ---- | M] () -- C:\Users\zeev\Desktop\RogueKiller.exe
[2011/10/09 10:44:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 10:44:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 10:37:38 | 010,268,672 | ---- | M] () -- C:\Users\zeev\Desktop\Ad-Aware95Install.msi
[2011/10/09 10:13:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001UA.job
[2011/10/09 09:26:29 | 000,001,808 | -H-- | M] () -- C:\Users\zeev\Documents\Default.rdp
[2011/10/08 20:12:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19A89B08-65C3-4B47-B064-67D7AE5FCC06}.job
[2011/10/08 20:08:02 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/08 16:13:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001Core.job
[2011/10/07 18:56:19 | 000,335,559 | ---- | M] () -- C:\Users\zeev\Desktop\Class List - 5C.pdf
[2011/10/07 13:31:19 | 000,002,627 | ---- | M] () -- C:\Users\zeev\Desktop\Microsoft Office Word 2007.lnk
[2011/10/06 18:44:51 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/06 18:44:51 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/06 18:44:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/05 21:23:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\zeev\Documents\aswMBR.exe
[2011/10/04 18:15:00 | 000,002,040 | ---- | M] () -- C:\Users\zeev\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/04 18:14:59 | 000,002,078 | ---- | M] () -- C:\Users\zeev\Desktop\Google Chrome.lnk
[2011/10/02 20:44:40 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/02 20:44:40 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/02 17:44:45 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
[2011/10/02 15:51:39 | 000,000,680 | ---- | M] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2011/10/01 22:14:51 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/09/27 17:40:48 | 000,000,117 | -H-- | M] () -- C:\Users\zeev\Desktop\Welcome to edline.net.URL
[2011/09/21 16:00:51 | 000,000,226 | -H-- | M] () -- C:\Users\zeev\Desktop\Staff Bulletin Board.url

========== Files Created - No Company Name ==========

[2011/10/09 10:48:25 | 000,111,744 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/09 10:47:44 | 000,723,968 | ---- | C] () -- C:\Users\zeev\Desktop\RogueKiller.exe
[2011/10/09 10:37:30 | 010,268,672 | ---- | C] () -- C:\Users\zeev\Desktop\Ad-Aware95Install.msi
[2011/10/07 18:56:16 | 000,335,559 | ---- | C] () -- C:\Users\zeev\Desktop\Class List - 5C.pdf
[2011/10/02 16:07:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/02 16:07:24 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/01 22:11:45 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/01 22:11:44 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/01 22:11:02 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/04/16 10:24:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/27 03:43:21 | 000,035,565 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010/07/27 03:04:42 | 000,035,565 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/21 16:39:39 | 000,000,680 | ---- | C] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2010/03/19 18:45:46 | 000,000,120 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Mzocoyem.dat
[2010/03/19 18:45:46 | 000,000,000 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Rtodozaz.bin
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\Users\zeev\AppData\Local\48531I0
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\ProgramData\48531I0
[2010/03/19 18:42:06 | 000,000,016 | -H-- | C] () -- C:\Users\zeev\AppData\Roaming\jasltw.dat
[2009/09/18 06:02:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 06:02:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/05 03:08:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/05 03:03:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/28 21:52:32 | 000,008,264 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/02 17:18:29 | 000,000,057 | ---- | C] () -- C:\Windows\SABRE.INI
[2007/10/13 17:09:55 | 000,000,614 | -H-- | C] () -- C:\Users\zeev\AppData\Roaming\wklnhst.dat
[2007/09/08 18:09:55 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/08 17:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 23:31:18 | 000,047,104 | ---- | C] () -- C:\Users\zeev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,436,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2009/02/07 21:09:41 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Amazon
[2008/03/01 19:19:05 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\BitSpirit
[2009/02/28 20:47:42 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\eMusic
[2010/05/30 11:57:10 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\GARMIN
[2011/08/07 11:23:29 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Leadertech
[2009/11/15 13:14:44 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\OpenOffice.org
[2011/03/02 23:13:17 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\PCDr
[2011/06/23 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\zeev\AppData\Roaming\Sammsoft
[2009/05/01 19:58:29 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\SPAMfighter
[2007/10/13 17:09:57 | 000,000,000 | -H-D | M] -- C:\Users\zeev\AppData\Roaming\Template
[2011/10/08 20:08:02 | 000,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/10/05 21:38:56 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/08 20:12:36 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{19A89B08-65C3-4B47-B064-67D7AE5FCC06}.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/06/07 15:29:53 | 000,014,478 | -H-- | M] ()(C:\Users\zeev\Desktop\???.docx) -- C:\Users\zeev\Desktop\שרה.docx
[2011/05/22 18:58:52 | 000,014,478 | -H-- | C] ()(C:\Users\zeev\Desktop\???.docx) -- C:\Users\zeev\Desktop\שרה.docx
[2011/05/07 12:52:54 | 000,014,958 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2011/05/07 12:52:53 | 000,014,958 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2010/05/09 10:10:03 | 000,027,430 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx
[2010/05/09 10:10:02 | 000,027,430 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\HP_Vista_Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\FirstClass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Anat Pic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\RK_Quarantine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2009 2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\OpenOffice.org 3.1 (en-US) Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\My eMusic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\GROUP EMAILS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\CHIDON:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\BellSettings.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\09-TATE'S WORLD'S.mp3:Roxio EMC Stream

< End of report >

#6
CompCav

Posted 09 October 2011 - 04:16 PM

Member 5k

Expert
12,454 posts

Thanks for the logs, we will attack the rootkit with a different tool in this post.

Step 1.

Download RogueKiller to your desktop or run the copy you already have.

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 2 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 2.

Quit all running programs and run RogueKiller once again.

For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 6 and validate
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 3.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 5.

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
[2011/10/02 16:04:36 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}
O4 - HKLM..\Run: [] File not found
[2011/10/02 16:07:24 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/10/02 16:07:24 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/10/01 22:14:51 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/01 22:11:45 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/01 22:08:42 | 000,035,565 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2010/03/19 18:45:46 | 000,000,120 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Mzocoyem.dat
[2010/03/19 18:45:46 | 000,000,000 | -H-- | C] () -- C:\Users\zeev\AppData\Local\Rtodozaz.bin
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\Users\zeev\AppData\Local\48531I0
[2010/03/19 18:42:08 | 000,011,944 | -HS- | C] () -- C:\ProgramData\48531I0
[2010/03/19 18:42:06 | 000,000,016 | -H-- | C] () -- C:\Users\zeev\AppData\Roaming\jasltw.dat

:Files
ipconfig /flushdns /c
 C:\Users\Travis\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk
C:\Users\Travis\Desktop\Data Recovery.lnk



:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 6.

Run OTL Scan

Please reopen on your desktop.
Please check Scan All Users
Under Extra Registry select Use SafeList
Click Run Scan
Please post the OTL.txt and Extras.txt in the next reply.

Step 7.

Please post the following logs:

BOTH RKreport.txt files
Gooredfix.txt
TDSSKiller log
OTL fix
OTL.txt
Extras.txt

Step 8.

Do you have your normal wallpaper and icons on your desktop now?

How is your computer running?

Step 9.

Response to issues raised

I thought it might be the user account control setting so I disabled that and my windows firewall setting and rebooted as per the UAC changes to take place. Now there is no shield icon on the aswMBE.exe file on my desktop but I still cant open it?

Please re-enable firewall and UAC if not already corrected.

I also noted that upon restarting pc, Avira AntiVir Personal (Free Edition) popped up with the alert "Avira Malware found Boo/TDss.D was found in Master boot sector of drive Master boot sector HDO" (what is that?) I did not ask it to be removed and just closed box.

This is something to remove and if Avira alert pops up again this is a real infection.

The I saw two adverts pop up. Both were ARO 2011? Something about cleaning my system from Malware etc. I closed both these boxes as well.

Just close any adverts that come up.

#7
ugrinwa

Posted 10 October 2011 - 07:39 PM

Member

Topic Starter
Member
52 posts

Hi there.

Here are the reports you asked for:

*******BOTH RKreport.txt files*******
RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: zeev [Admin rights]
Mode: Remove -- Date : 10/10/2011 20:50:25

Bad processes: 0

Registry Entries: 0

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V6.1.2 [10/07/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: zeev [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/10/2011 20:59:19

Bad processes: 0

Driver: [LOADED]

File attributes restored:
Desktop: Success 73 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1841 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 148124 / Fail 0
My documents: Success 3075 / Fail 0
My favorites: Success 87 / Fail 0
My pictures: Success 281 / Fail 0
My music: Success 283 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 2206 / Fail 0
Backup: [FOUND] Success 0 / Fail 0

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

***************Gooredfix.txt**************
GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:02 on 10/10/2011 (zeev)
Firefox version 3.6.23 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
[email protected] [21:51 08/09/2007]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:51 08/09/2007]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [14:23 16/04/2011]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [17:09 15/11/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:58 16/03/2010]

C:\Users\zeev\Application Data\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\
[email protected] [11:28 06/08/2011]
{20a82645-c095-46ed-80e3-08825760534b} [22:28 24/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:10 26/09/2009]

-=E.O.F=-

***********TDSSKiller log*************
21:03:53.0575 5708 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
21:03:54.0994 5708 ============================================================
21:03:54.0994 5708 Current date / time: 2011/10/10 21:03:54.0994
21:03:54.0994 5708 SystemInfo:
21:03:54.0994 5708
21:03:54.0994 5708 OS Version: 6.0.6002 ServicePack: 2.0
21:03:54.0994 5708 Product type: Workstation
21:03:54.0994 5708 ComputerName: ZEEV-PC
21:03:54.0994 5708 UserName: zeev
21:03:54.0994 5708 Windows directory: C:\Windows
21:03:54.0994 5708 System windows directory: C:\Windows
21:03:54.0994 5708 Processor architecture: Intel x86
21:03:54.0994 5708 Number of processors: 2
21:03:54.0994 5708 Page size: 0x1000
21:03:54.0994 5708 Boot type: Normal boot
21:03:54.0994 5708 ============================================================
21:03:55.0899 5708 Initialize success
21:04:40.0484 4996 ============================================================
21:04:40.0484 4996 Scan started
21:04:40.0484 4996 Mode: Manual; SigCheck; TDLFS;
21:04:40.0484 4996 ============================================================
21:04:42.0340 4996 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:04:42.0496 4996 ACPI - ok
21:04:44.0977 4996 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:04:45.0289 4996 adp94xx - ok
21:04:45.0819 4996 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:04:45.0866 4996 adpahci - ok
21:04:45.0928 4996 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:04:45.0960 4996 adpu160m - ok
21:04:45.0991 4996 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:04:46.0038 4996 adpu320 - ok
21:04:46.0162 4996 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:04:46.0240 4996 AFD - ok
21:04:46.0381 4996 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:04:46.0412 4996 agp440 - ok
21:04:46.0537 4996 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:04:46.0599 4996 aic78xx - ok
21:04:46.0677 4996 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
21:04:46.0724 4996 aliide - ok
21:04:46.0771 4996 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:04:46.0802 4996 amdagp - ok
21:04:46.0849 4996 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
21:04:46.0896 4996 amdide - ok
21:04:46.0942 4996 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:04:47.0098 4996 AmdK7 - ok
21:04:47.0161 4996 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:04:47.0254 4996 AmdK8 - ok
21:04:47.0426 4996 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:04:47.0457 4996 arc - ok
21:04:47.0504 4996 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:04:47.0535 4996 arcsas - ok
21:04:47.0629 4996 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:47.0863 4996 AsyncMac - ok
21:04:47.0988 4996 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
21:04:48.0019 4996 atapi - ok
21:04:48.0159 4996 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:04:48.0206 4996 avgio - ok
21:04:50.0250 4996 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
21:04:50.0390 4996 avgntflt - ok
21:04:51.0030 4996 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
21:04:51.0123 4996 avipbb - ok
21:04:51.0607 4996 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:04:51.0856 4996 Beep - ok
21:04:51.0981 4996 blbdrive - ok
21:04:52.0044 4996 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:04:52.0090 4996 bowser - ok
21:04:52.0153 4996 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:04:52.0324 4996 BrFiltLo - ok
21:04:52.0356 4996 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:04:52.0480 4996 BrFiltUp - ok
21:04:52.0574 4996 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:04:52.0683 4996 Brserid - ok
21:04:53.0136 4996 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:04:53.0245 4996 BrSerWdm - ok
21:04:53.0338 4996 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:04:53.0448 4996 BrUsbMdm - ok
21:04:53.0588 4996 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:04:53.0666 4996 BrUsbSer - ok
21:04:53.0838 4996 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:04:53.0931 4996 BTHMODEM - ok
21:04:54.0072 4996 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:04:54.0103 4996 cdfs - ok
21:04:54.0150 4996 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:04:54.0243 4996 cdrom - ok
21:04:55.0928 4996 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:04:56.0443 4996 circlass - ok
21:04:57.0160 4996 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:04:57.0270 4996 CLFS - ok
21:04:58.0284 4996 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
21:04:58.0346 4996 cmdide - ok
21:04:59.0064 4996 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:04:59.0142 4996 Compbatt - ok
21:04:59.0391 4996 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:04:59.0407 4996 crcdisk - ok
21:04:59.0438 4996 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:04:59.0516 4996 Crusoe - ok
21:04:59.0703 4996 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:04:59.0766 4996 DfsC - ok
21:04:59.0922 4996 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:04:59.0937 4996 disk - ok
21:05:00.0109 4996 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:05:01.0029 4996 Dot4 - ok
21:05:03.0182 4996 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:05:03.0447 4996 Dot4Print - ok
21:05:04.0321 4996 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:05:04.0477 4996 dot4usb - ok
21:05:04.0648 4996 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:05:04.0711 4996 drmkaud - ok
21:05:04.0789 4996 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:05:04.0851 4996 DSproct ( UnsignedFile.Multi.Generic ) - warning
21:05:04.0851 4996 DSproct - detected UnsignedFile.Multi.Generic (1)
21:05:04.0945 4996 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
21:05:04.0992 4996 dsunidrv - ok
21:05:05.0038 4996 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:05:05.0101 4996 DXGKrnl - ok
21:05:05.0257 4996 e1express (9f3e3f19d28b3b4ff261a1e758f4ad26) C:\Windows\system32\DRIVERS\e1e6032.sys
21:05:05.0319 4996 e1express - ok
21:05:05.0382 4996 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:05:05.0475 4996 E1G60 - ok
21:05:05.0538 4996 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:05:05.0553 4996 Ecache - ok
21:05:05.0600 4996 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:05:05.0647 4996 elxstor - ok
21:05:05.0725 4996 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:05:05.0803 4996 exfat - ok
21:05:05.0834 4996 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:05:05.0881 4996 fastfat - ok
21:05:05.0928 4996 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:05:06.0021 4996 fdc - ok
21:05:06.0084 4996 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:05:06.0084 4996 FileInfo - ok
21:05:06.0146 4996 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:05:06.0240 4996 Filetrace - ok
21:05:07.0846 4996 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:05:08.0751 4996 flpydisk - ok
21:05:09.0718 4996 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:05:09.0781 4996 FltMgr - ok
21:05:09.0890 4996 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:05:09.0937 4996 Fs_Rec - ok
21:05:09.0984 4996 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:05:09.0999 4996 gagp30kx - ok
21:05:10.0062 4996 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:05:10.0108 4996 GEARAspiWDM - ok
21:05:10.0436 4996 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:05:10.0530 4996 HDAudBus - ok
21:05:10.0608 4996 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:05:10.0670 4996 HidBth - ok
21:05:10.0717 4996 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:05:10.0810 4996 HidIr - ok
21:05:10.0935 4996 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:05:10.0982 4996 HidUsb - ok
21:05:11.0029 4996 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:05:11.0076 4996 HpCISSs - ok
21:05:11.0122 4996 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:05:11.0232 4996 HTTP - ok
21:05:11.0388 4996 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:05:11.0419 4996 i2omp - ok
21:05:11.0606 4996 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:05:11.0668 4996 i8042prt - ok
21:05:11.0902 4996 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys
21:05:11.0949 4996 iaStor - ok
21:05:12.0012 4996 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:05:12.0074 4996 iaStorV - ok
21:05:12.0152 4996 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:05:12.0183 4996 iirsp - ok
21:05:15.0210 4996 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
21:05:15.0584 4996 IntelDH - ok
21:05:16.0114 4996 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
21:05:16.0161 4996 intelide - ok
21:05:16.0239 4996 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:05:16.0286 4996 intelppm - ok
21:05:16.0364 4996 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:05:16.0411 4996 IpFilterDriver - ok
21:05:16.0442 4996 IpInIp - ok
21:05:16.0489 4996 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:05:16.0598 4996 IPMIDRV - ok
21:05:16.0707 4996 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:05:16.0863 4996 IPNAT - ok
21:05:17.0019 4996 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:05:17.0082 4996 IRENUM - ok
21:05:17.0144 4996 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:05:17.0175 4996 isapnp - ok
21:05:17.0269 4996 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:05:17.0284 4996 iScsiPrt - ok
21:05:17.0331 4996 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:05:17.0362 4996 iteatapi - ok
21:05:17.0409 4996 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:05:17.0440 4996 iteraid - ok
21:05:17.0518 4996 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:05:17.0550 4996 kbdclass - ok
21:05:17.0596 4996 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:05:17.0674 4996 kbdhid - ok
21:05:17.0877 4996 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:05:17.0908 4996 KSecDD - ok
21:05:18.0018 4996 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
21:05:18.0033 4996 Lbd - ok
21:05:20.0202 4996 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\Windows\system32\Drivers\LEqdUsb.Sys
21:05:20.0342 4996 LEqdUsb - ok
21:05:22.0027 4996 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\Windows\system32\Drivers\LHidEqd.Sys
21:05:22.0105 4996 LHidEqd - ok
21:05:22.0261 4996 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:05:22.0292 4996 LHidFilt - ok
21:05:22.0401 4996 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:05:22.0479 4996 lltdio - ok
21:05:22.0588 4996 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:05:22.0635 4996 LMouFilt - ok
21:05:22.0682 4996 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:05:22.0698 4996 LSI_FC - ok
21:05:22.0729 4996 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:05:22.0760 4996 LSI_SAS - ok
21:05:22.0838 4996 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:05:22.0869 4996 LSI_SCSI - ok
21:05:22.0916 4996 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:05:22.0963 4996 luafv - ok
21:05:23.0025 4996 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\Windows\system32\Drivers\LUsbFilt.Sys
21:05:23.0041 4996 LUsbFilt - ok
21:05:23.0088 4996 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:05:23.0134 4996 megasas - ok
21:05:23.0197 4996 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:05:23.0275 4996 Modem - ok
21:05:23.0353 4996 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:05:23.0400 4996 monitor - ok
21:05:23.0462 4996 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:05:23.0509 4996 mouclass - ok
21:05:23.0571 4996 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:05:23.0649 4996 mouhid - ok
21:05:23.0790 4996 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:05:23.0805 4996 MountMgr - ok
21:05:23.0883 4996 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:05:23.0914 4996 mpio - ok
21:05:24.0304 4996 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:05:26.0052 4996 mpsdrv - ok
21:05:27.0409 4996 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:05:27.0440 4996 Mraid35x - ok
21:05:27.0924 4996 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:05:27.0970 4996 MRxDAV - ok
21:05:28.0095 4996 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:05:28.0126 4996 mrxsmb - ok
21:05:28.0236 4996 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:05:28.0282 4996 mrxsmb10 - ok
21:05:28.0345 4996 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:05:28.0360 4996 mrxsmb20 - ok
21:05:28.0392 4996 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
21:05:28.0423 4996 msahci - ok
21:05:28.0470 4996 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:05:28.0501 4996 msdsm - ok
21:05:28.0594 4996 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:05:28.0626 4996 Msfs - ok
21:05:28.0688 4996 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:05:28.0688 4996 msisadrv - ok
21:05:28.0797 4996 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:05:28.0891 4996 MSKSSRV - ok
21:05:29.0140 4996 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:05:29.0187 4996 MSPCLOCK - ok
21:05:29.0250 4996 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:05:29.0312 4996 MSPQM - ok
21:05:29.0390 4996 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:05:29.0406 4996 MsRPC - ok
21:05:29.0499 4996 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:05:29.0499 4996 mssmbios - ok
21:05:29.0608 4996 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:05:29.0655 4996 MSTEE - ok
21:05:29.0733 4996 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:05:29.0749 4996 Mup - ok
21:05:32.0806 4996 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:05:33.0040 4996 NativeWifiP - ok
21:05:33.0352 4996 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:05:33.0399 4996 NDIS - ok
21:05:33.0680 4996 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:05:33.0742 4996 NdisTapi - ok
21:05:33.0852 4996 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:05:33.0930 4996 Ndisuio - ok
21:05:34.0008 4996 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:05:34.0086 4996 NdisWan - ok
21:05:34.0132 4996 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:05:34.0210 4996 NDProxy - ok
21:05:34.0351 4996 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:05:34.0413 4996 NetBIOS - ok
21:05:34.0569 4996 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:05:34.0663 4996 netbt - ok
21:05:34.0772 4996 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:05:34.0803 4996 nfrd960 - ok
21:05:34.0897 4996 nmsgopro (acc8d7fc0da793450f5f257d9ce4ff75) C:\Windows\system32\DRIVERS\nmsgopro.sys
21:05:34.0959 4996 nmsgopro - ok
21:05:35.0068 4996 nmsunidr (64fa28c15dd71a80bef3527e1ef07df6) C:\Windows\system32\DRIVERS\nmsunidr.sys
21:05:35.0131 4996 nmsunidr - ok
21:05:35.0224 4996 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:05:35.0256 4996 Npfs - ok
21:05:35.0443 4996 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:05:35.0568 4996 nsiproxy - ok
21:05:38.0360 4996 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:05:38.0968 4996 Ntfs - ok
21:05:39.0078 4996 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:05:39.0187 4996 ntrigdigi - ok
21:05:39.0265 4996 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:05:39.0343 4996 Null - ok
21:05:39.0655 4996 nvlddmkm (55526cd7b311236aab3f73434cbc651e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:05:40.0279 4996 nvlddmkm - ok
21:05:40.0404 4996 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:05:40.0435 4996 nvraid - ok
21:05:40.0482 4996 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:05:40.0497 4996 nvstor - ok
21:05:40.0560 4996 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:05:40.0606 4996 nv_agp - ok
21:05:40.0653 4996 NwlnkFlt - ok
21:05:40.0684 4996 NwlnkFwd - ok
21:05:40.0731 4996 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:05:40.0794 4996 ohci1394 - ok
21:05:40.0934 4996 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:05:41.0059 4996 Parport - ok
21:05:41.0199 4996 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:05:41.0215 4996 partmgr - ok
21:05:41.0293 4996 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:05:41.0355 4996 Parvdm - ok
21:05:41.0433 4996 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:05:41.0449 4996 pci - ok
21:05:43.0368 4996 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
21:05:43.0524 4996 pciide - ok
21:05:44.0288 4996 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:05:44.0522 4996 pcmcia - ok
21:05:45.0505 4996 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:05:45.0692 4996 PEAUTH - ok
21:05:45.0957 4996 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:05:46.0035 4996 PptpMiniport - ok
21:05:46.0176 4996 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:05:46.0269 4996 Processor - ok
21:05:46.0394 4996 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:05:46.0425 4996 PSched - ok
21:05:46.0472 4996 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:05:46.0472 4996 PxHelp20 - ok
21:05:46.0534 4996 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:05:46.0675 4996 ql2300 - ok
21:05:46.0753 4996 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:05:46.0800 4996 ql40xx - ok
21:05:46.0924 4996 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:05:46.0971 4996 QWAVEdrv - ok
21:05:47.0174 4996 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:05:49.0904 4996 R300 - ok
21:05:50.0934 4996 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:51.0012 4996 RasAcd - ok
21:05:51.0168 4996 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:51.0246 4996 Rasl2tp - ok
21:05:51.0402 4996 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:51.0433 4996 RasPppoe - ok
21:05:51.0495 4996 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:51.0542 4996 RasSstp - ok
21:05:51.0620 4996 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:51.0636 4996 rdbss - ok
21:05:51.0698 4996 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:51.0776 4996 RDPCDD - ok
21:05:51.0901 4996 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
21:05:51.0994 4996 rdpdr - ok
21:05:52.0088 4996 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:05:52.0166 4996 RDPENCDD - ok
21:05:52.0260 4996 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:05:52.0338 4996 RDPWD - ok
21:05:52.0447 4996 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:52.0509 4996 rspndr - ok
21:05:52.0556 4996 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:05:52.0572 4996 sbp2port - ok
21:05:52.0603 4996 SDDMI2 - ok
21:05:52.0634 4996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:05:52.0728 4996 secdrv - ok
21:05:52.0774 4996 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:05:52.0868 4996 Serenum - ok
21:05:52.0993 4996 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:05:53.0118 4996 Serial - ok
21:05:54.0943 4996 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:05:55.0536 4996 sermouse - ok
21:05:55.0723 4996 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
21:05:55.0785 4996 sffdisk - ok
21:05:55.0832 4996 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:05:55.0894 4996 sffp_mmc - ok
21:05:55.0926 4996 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
21:05:55.0988 4996 sffp_sd - ok
21:05:56.0035 4996 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:05:56.0097 4996 sfloppy - ok
21:05:56.0206 4996 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:05:56.0253 4996 sisagp - ok
21:05:56.0316 4996 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:05:56.0347 4996 SiSRaid2 - ok
21:05:56.0425 4996 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:05:56.0456 4996 SiSRaid4 - ok
21:05:56.0518 4996 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:05:56.0581 4996 Smb - ok
21:05:56.0659 4996 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:05:56.0659 4996 spldr - ok
21:05:56.0706 4996 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:05:56.0752 4996 srv - ok
21:05:56.0877 4996 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:05:56.0940 4996 srv2 - ok
21:05:57.0033 4996 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:57.0064 4996 srvnet - ok
21:05:57.0127 4996 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:05:57.0142 4996 ssmdrv - ok
21:05:57.0252 4996 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
21:05:57.0345 4996 STHDA - ok
21:05:57.0704 4996 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:05:57.0720 4996 swenum - ok
21:05:57.0985 4996 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:05:58.0016 4996 Symc8xx - ok
21:05:58.0063 4996 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:05:58.0078 4996 Sym_hi - ok
21:05:58.0172 4996 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:05:58.0203 4996 Sym_u3 - ok
21:05:58.0281 4996 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
21:05:58.0359 4996 Tcpip - ok
21:05:58.0437 4996 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:58.0468 4996 Tcpip6 - ok
21:05:58.0546 4996 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:05:58.0609 4996 tcpipreg - ok
21:05:58.0671 4996 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:05:58.0734 4996 TDPIPE - ok
21:05:58.0780 4996 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:05:59.0248 4996 TDTCP - ok
21:06:00.0699 4996 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:06:00.0902 4996 tdx - ok
21:06:01.0526 4996 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:06:01.0604 4996 TermDD - ok
21:06:02.0134 4996 TrueSight (4bfab463e1d1f20dfa83a04a9698934d) c:\windows\system32\drivers\TrueSight.sys
21:06:02.0150 4996 TrueSight ( UnsignedFile.Multi.Generic ) - warning
21:06:02.0150 4996 TrueSight - detected UnsignedFile.Multi.Generic (1)
21:06:02.0275 4996 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
21:06:02.0306 4996 TSHWMDTCP - ok
21:06:02.0431 4996 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:06:02.0509 4996 tssecsrv - ok
21:06:02.0571 4996 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:06:02.0649 4996 tunmp - ok
21:06:02.0727 4996 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:06:02.0790 4996 tunnel - ok
21:06:02.0836 4996 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:06:02.0883 4996 uagp35 - ok
21:06:02.0961 4996 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:06:03.0008 4996 udfs - ok
21:06:03.0087 4996 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:06:03.0134 4996 uliagpkx - ok
21:06:03.0383 4996 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:06:03.0430 4996 uliahci - ok
21:06:03.0493 4996 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:06:03.0508 4996 UlSata - ok
21:06:03.0555 4996 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:06:03.0586 4996 ulsata2 - ok
21:06:03.0711 4996 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:06:03.0789 4996 umbus - ok
21:06:03.0914 4996 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:06:03.0992 4996 USBAAPL - ok
21:06:04.0054 4996 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:06:04.0101 4996 usbccgp - ok
21:06:04.0179 4996 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:06:04.0288 4996 usbcir - ok
21:06:04.0491 4996 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:06:04.0553 4996 usbehci - ok
21:06:04.0600 4996 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:06:04.0678 4996 usbhub - ok
21:06:04.0709 4996 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:06:04.0803 4996 usbohci - ok
21:06:04.0865 4996 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:06:04.0912 4996 usbprint - ok
21:06:05.0521 4996 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:06:06.0004 4996 USBSTOR - ok
21:06:07.0190 4996 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:06:07.0455 4996 usbuhci - ok
21:06:07.0954 4996 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:06:08.0032 4996 vga - ok
21:06:08.0095 4996 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:06:08.0173 4996 VgaSave - ok
21:06:08.0219 4996 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:06:08.0266 4996 viaagp - ok
21:06:08.0329 4996 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:06:08.0391 4996 ViaC7 - ok
21:06:08.0422 4996 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
21:06:08.0438 4996 viaide - ok
21:06:08.0516 4996 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:06:08.0531 4996 volmgr - ok
21:06:08.0641 4996 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:06:08.0656 4996 volmgrx - ok
21:06:08.0703 4996 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:06:08.0781 4996 volsnap - ok
21:06:08.0828 4996 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:06:08.0875 4996 vsmraid - ok
21:06:08.0937 4996 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:06:08.0999 4996 WacomPen - ok
21:06:09.0124 4996 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:09.0187 4996 Wanarp - ok
21:06:09.0202 4996 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:06:09.0218 4996 Wanarpv6 - ok
21:06:09.0327 4996 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:06:09.0358 4996 Wd - ok
21:06:09.0452 4996 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:06:09.0514 4996 Wdf01000 - ok
21:06:09.0733 4996 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:06:09.0826 4996 WmiAcpi - ok
21:06:09.0982 4996 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:06:10.0060 4996 WpdUsb - ok
21:06:10.0154 4996 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:06:10.0232 4996 ws2ifsl - ok
21:06:10.0403 4996 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:06:10.0435 4996 WUDFRd - ok
21:06:10.0497 4996 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
21:06:10.0497 4996 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:06:10.0497 4996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:06:10.0544 4996 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:06:10.0544 4996 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:06:10.0575 4996 Boot (0x1200) (b5abb88369c72e80aff59d00e95d7df7) \Device\Harddisk0\DR0\Partition0
21:06:10.0575 4996 \Device\Harddisk0\DR0\Partition0 - ok
21:06:10.0622 4996 Boot (0x1200) (fe525c2f9952478ee82818836018715e) \Device\Harddisk0\DR0\Partition1
21:06:10.0684 4996 \Device\Harddisk0\DR0\Partition1 - ok
21:06:10.0684 4996 ============================================================
21:06:10.0684 4996 Scan finished
21:06:10.0684 4996 ============================================================
21:06:10.0700 5248 Detected object count: 4
21:06:10.0700 5248 Actual detected object count: 4
21:07:17.0143 5248 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:17.0143 5248 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:07:17.0143 5248 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:17.0143 5248 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:07:17.0221 5248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
21:07:17.0221 5248 \Device\Harddisk0\DR0 - ok
21:07:17.0252 5248 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
21:07:17.0268 5248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:07:17.0268 5248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:07:21.0668 4508 Deinitialize success

************OTL fix***********************

========== OTL ==========
C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}\chrome\content folder moved successfully.
C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}\chrome folder moved successfully.
C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\System32\rp_stats.dat moved successfully.
C:\Windows\System32\rp_rules.dat moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\nvModes.dat moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
C:\Users\zeev\AppData\Local\Mzocoyem.dat moved successfully.
C:\Users\zeev\AppData\Local\Rtodozaz.bin moved successfully.
C:\Users\zeev\AppData\Local\48531I0 moved successfully.
C:\ProgramData\48531I0 moved successfully.
C:\Users\zeev\AppData\Roaming\jasltw.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\zeev\Desktop\cmd.bat deleted successfully.
C:\Users\zeev\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Travis\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Recovery.lnk not found.
File\Folder C:\Users\Travis\Desktop\Data Recovery.lnk not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: IUSR_NMPR

User: Public

User: zeev
->Flash cache emptied: 5379611 bytes

Total Flash Files Cleaned = 5.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 10102011_211419

*********OTL.Txt***************************
OTL logfile created on: 10/10/2011 9:21:21 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\zeev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.66% Memory free
4.23 Gb Paging File | 3.16 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 148.65 Gb Free Space | 66.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.25% Space Free | Partition Type: NTFS

Computer Name: ZEEV-PC | User Name: zeev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
PRC - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/09 07:13:42 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/07/10 03:03:42 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/16 03:41:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/09/16 03:13:21 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/09/16 03:13:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/08/06 07:25:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/08/06 07:25:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/10 03:03:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/10/10 20:51:03 | 000,111,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/06 07:25:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/08/06 07:25:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/04/30 08:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 08:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/06 20:10:34 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/08/29 07:08:16 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/07/11 06:05:32 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/07/10 03:03:44 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=3070829

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-978806049-3308876999-957044163-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-yma3&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {8C2374C3-4E21-43CD-A410-4B6BFE56C02C}:1.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: [email protected]:3.12.2.100006
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-yma3&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\zeev\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 16:27:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}: C:\Users\zeev\AppData\Local\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}

[2009/02/28 21:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Extensions
[2011/10/10 08:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions
[2011/10/02 16:04:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/02 16:04:39 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\zeev\AppData\Roaming\Mozilla\Firefox\Profiles\5sdn7712.default\extensions\[email protected]
[2011/10/07 08:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/23 05:11:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/02/28 21:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\USERS\ZEEV\APPDATA\LOCAL\{8C2374C3-4E21-43CD-A410-4B6BFE56C02C}

O1 HOSTS File: ([2011/10/10 21:14:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-978806049-3308876999-957044163-1001..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com)
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly File not found
O4 - HKU\S-1-5-21-978806049-3308876999-957044163-1001..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.interacti...checker_l1.htm" File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..Trusted Domains: agentware.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..Trusted Domains: sabre.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..Trusted Domains: ujafed.org ([webmail] https in Trusted sites)
O15 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B7C49732-4761-4A66-9945-BAF55E98E0E4} https://ve1.verint.c...lient/JDsAx.cab (COCKPIT Client)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD3A2939-7451-40E7-B6D7-CAAD955173CF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e1bca88a-992e-11dd-94f6-0019d19185f4}\Shell\AutoRun\command - "" = H:\PMB_P.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-978806049-3308876999-957044163-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 21:14:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/10 21:03:00 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\zeev\Desktop\tdsskiller.exe
[2011/10/10 21:02:02 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\GooredFix Backups
[2011/10/10 21:01:15 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\zeev\Desktop\GooredFix.exe
[2011/10/10 20:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
[2011/10/10 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\New rc all terms 5B
[2011/10/10 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\Comments New reports
[2011/10/10 18:42:08 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\Final new reports
[2011/10/10 18:40:01 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\Shabat Forms
[2011/10/10 02:02:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/09 10:59:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\zeev\Desktop\aswMBR.exe
[2011/10/09 10:48:24 | 000,000,000 | ---D | C] -- C:\Users\zeev\Desktop\RK_Quarantine
[2011/10/06 18:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/05 21:23:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\zeev\Documents\aswMBR.exe
[2011/10/02 16:49:56 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/10/10 21:17:24 | 000,000,945 | ---- | M] () -- C:\Users\zeev\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/10 21:16:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 21:16:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 21:16:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/10 21:14:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/10 21:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001UA.job
[2011/10/10 21:03:08 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\zeev\Desktop\tdsskiller.exe
[2011/10/10 21:01:16 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\zeev\Desktop\GooredFix.exe
[2011/10/10 20:51:03 | 000,111,744 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/10 20:08:00 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/10/10 19:58:36 | 000,001,808 | ---- | M] () -- C:\Users\zeev\Documents\Default.rdp
[2011/10/10 17:34:15 | 000,002,627 | ---- | M] () -- C:\Users\zeev\Desktop\Microsoft Office Word 2007.lnk
[2011/10/10 17:29:00 | 000,000,328 | ---- | M] () -- C:\Users\zeev\Desktop\Class List - 5B.pdf.url
[2011/10/10 16:13:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978806049-3308876999-957044163-1001Core.job
[2011/10/10 09:24:14 | 000,000,153 | ---- | M] () -- C:\Users\zeev\Desktop\FWxhNpoE.htm.part.htm
[2011/10/10 09:23:22 | 000,001,446 | ---- | M] () -- C:\Users\zeev\Desktop\logo2.gif
[2011/10/10 02:02:27 | 270,401,483 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/09 20:53:41 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{19A89B08-65C3-4B47-B064-67D7AE5FCC06}.job
[2011/10/09 10:59:58 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\zeev\Desktop\aswMBR.exe
[2011/10/09 10:47:47 | 000,723,968 | ---- | M] () -- C:\Users\zeev\Desktop\RogueKiller.exe
[2011/10/09 10:37:38 | 010,268,672 | ---- | M] () -- C:\Users\zeev\Desktop\Ad-Aware95Install.msi
[2011/10/05 21:23:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\zeev\Documents\aswMBR.exe
[2011/10/04 18:15:00 | 000,002,040 | ---- | M] () -- C:\Users\zeev\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/04 18:14:59 | 000,002,078 | ---- | M] () -- C:\Users\zeev\Desktop\Google Chrome.lnk
[2011/10/02 20:44:40 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/02 20:44:40 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/02 17:44:45 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/02 16:49:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\zeev\Desktop\OTL.exe
[2011/10/02 15:51:39 | 000,000,680 | ---- | M] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2011/09/27 17:40:48 | 000,000,117 | ---- | M] () -- C:\Users\zeev\Desktop\Welcome to edline.net.URL
[2011/09/21 16:00:51 | 000,000,226 | ---- | M] () -- C:\Users\zeev\Desktop\Staff Bulletin Board.url

========== Files Created - No Company Name ==========

[2011/10/10 21:17:24 | 000,000,945 | ---- | C] () -- C:\Users\zeev\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/10 17:28:49 | 000,000,328 | ---- | C] () -- C:\Users\zeev\Desktop\Class List - 5B.pdf.url
[2011/10/10 09:24:12 | 000,000,153 | ---- | C] () -- C:\Users\zeev\Desktop\FWxhNpoE.htm.part.htm
[2011/10/10 09:23:19 | 000,001,446 | ---- | C] () -- C:\Users\zeev\Desktop\logo2.gif
[2011/10/10 02:02:27 | 270,401,483 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/09 10:48:25 | 000,111,744 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/09 10:47:44 | 000,723,968 | ---- | C] () -- C:\Users\zeev\Desktop\RogueKiller.exe
[2011/10/09 10:37:30 | 010,268,672 | ---- | C] () -- C:\Users\zeev\Desktop\Ad-Aware95Install.msi
[2011/04/16 10:24:16 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/21 16:39:39 | 000,000,680 | ---- | C] () -- C:\Users\zeev\AppData\Local\d3d9caps.dat
[2009/09/18 06:02:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/18 06:02:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/05 03:08:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/05 03:03:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/02/28 21:52:32 | 000,008,264 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/05/02 17:18:29 | 000,000,057 | ---- | C] () -- C:\Windows\SABRE.INI
[2007/10/13 17:09:55 | 000,000,614 | ---- | C] () -- C:\Users\zeev\AppData\Roaming\wklnhst.dat
[2007/09/08 18:09:55 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2007/09/08 17:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/04 23:31:18 | 000,047,104 | ---- | C] () -- C:\Users\zeev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/10 09:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,436,536 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== Files - Unicode (All) ==========
[2011/05/07 12:52:54 | 000,014,958 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2011/05/07 12:52:53 | 000,014,958 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ?? ???? ???? ???? ???-2011.docx) -- C:\Users\zeev\Desktop\רק על עצמי לספר סכום שנה-2011.docx
[2010/05/09 10:10:03 | 000,027,430 | -H-- | M] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx
[2010/05/09 10:10:02 | 000,027,430 | -H-- | C] ()(C:\Users\zeev\Desktop\?? ???? ?.docx) -- C:\Users\zeev\Desktop\מי ידאג ל.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\HP_Vista_Drivers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\FirstClass:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Documents\Anat Pic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\Shabat Forms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\RK_Quarantine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2009 2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\REPORT CARDS 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\OpenOffice.org 3.1 (en-US) Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\New rc all terms 5B:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\My eMusic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\GROUP EMAILS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\Final new reports:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\Comments New reports:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\CHIDON:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\BellSettings.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\zeev\Desktop\09-TATE'S WORLD'S.mp3:Roxio EMC Stream

< End of report >

*******Extras.Txt*************

OTL Extras logfile created on: 10/10/2011 9:21:22 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\zeev\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.66% Memory free
4.23 Gb Paging File | 3.16 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 148.65 Gb Free Space | 66.72% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.25% Space Free | Partition Type: NTFS

Computer Name: ZEEV-PC | User Name: zeev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCF9D59-E965-480E-9433-3E655345F0FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{64C552CB-F786-434F-BE26-1464707EE698}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{67D499BA-1596-4AF3-8962-203342121578}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24454BB1-4845-4045-ABCC-A2D8CCFAB411}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{28D08AB0-C431-4A0B-8E11-9B88ABD88BDE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{3ABBF2C9-2A37-4402-A640-7EA7EAFED4F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44C38BE3-6D2D-4C36-952E-1302C08EC8CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6611E9D2-48BF-42CC-8AAE-B641A3175E4C}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8D6BEF21-632F-4B41-AD55-4205CEC5B9A2}" = protocol=17 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{932677B2-0F55-49E2-8A2E-B80440DE42C8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9F030775-973E-4DEB-8588-98EEF00F1A74}" = protocol=6 | dir=in | app=c:\program files\lavasoft\ad-aware\ad-aware.exe |
"{C4A12AC5-D6D0-46B7-B658-9600F1CC4569}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{D877DFDE-9E4A-40D9-AF70-E95C59E22605}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{DAA0DB6E-BA65-48D8-84D0-888EF7CAA3EB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{DB1764A3-B0FA-49CF-92B2-E3AC652E7D00}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E9C6C8F7-71D6-434A-9FC7-ACB82FF06D7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{655F6931-AADA-4B80-8EC0-2B1682C58E63}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{7306C291-F2B2-4B87-A9B4-5D2345B12FF4}C:\users\zeev\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\zeev\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{1C0F7EC4-65D4-4D6A-AF89-E4C390C9ACA2}C:\users\zeev\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\zeev\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{A29775E8-6583-4692-81B6-60775C2C422B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{16C9924C-C42A-4790-BD18-27BDCA4B23C1}" = SPAMfighter
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.1.69
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ARO 2011_is1" = ARO 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Google Desktop" = Google Desktop
"Intel® Configuration Center" = Intel® Viiv™ Software
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel® PRO Network Connections 11.2.1.69
"sp6" = Logitech SetPoint 6.30
"SPAMfighter" = SPAMfighter
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"WinRAR archiver" = WinRAR archiver
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-978806049-3308876999-957044163-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Sabre VPN" = Sabre VPN

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2008 10:02:10 PM | Computer Name = zeev-PC | Source = Perflib | ID = 1000
Description =

Error - 09/10/2008 4:57:27 PM | Computer Name = zeev-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60,
faulting module WININET.dll, version 7.0.6000.16711, time stamp 0x48646467, exception
code 0xc0000005, fault offset 0x000015ac, process id 0x1be4, application start time
0x01c92791d66f0130.

Error - 10/10/2008 10:04:25 PM | Computer Name = zeev-PC | Source = Perflib | ID = 1000
Description =

Error - 13/10/2008 10:02:43 AM | Computer Name = zeev-PC | Source = WerSvc | ID = 5007
Description =

Error - 17/10/2008 10:09:38 PM | Computer Name = zeev-PC | Source = Perflib | ID = 1000
Description =

Error - 21/10/2008 3:33:24 PM | Computer Name = zeev-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000013, process id 0xa8c, application start time
0x01c933b3cd01ce60.

Error - 24/10/2008 9:56:42 PM | Computer Name = zeev-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071c, fault offset 0x0008b5d5, process id 0x1f3c, application
start time 0x01c93644dcf612c0.

Error - 24/10/2008 10:14:44 PM | Computer Name = zeev-PC | Source = Perflib | ID = 1000
Description =

Error - 31/10/2008 10:18:05 PM | Computer Name = zeev-PC | Source = Perflib | ID = 1000
Description =

Error - 05/11/2008 6:41:36 AM | Computer Name = zeev-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16711, time stamp
0x486445ce, faulting module Flash9e.ocx, version 9.0.115.0, time stamp 0x474375f3,
exception code 0xc0000005, fault offset 0x001b48a0, process id 0x1af0, application
start time 0x01c93f318b5a2d20.

[ Media Center Events ]
Error - 28/08/2008 6:49:39 AM | Computer Name = zeev-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 14/02/2009 12:40:48 AM | Computer Name = zeev-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 04/04/2009 9:36:45 PM | Computer Name = zeev-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 26/08/2009 11:31:41 PM | Computer Name = zeev-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 03/07/2009 10:33:13 AM | Computer Name = zeev-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/07/2009 9:38:39 AM | Computer Name = zeev-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/10/2011 4:09:41 PM | Computer Name = zeev-PC | Source = DCOM | ID = 10010
Description =

Error - 02/10/2011 4:09:51 PM | Computer Name = zeev-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 02/10/2011 4:10:57 PM | Computer Name = zeev-PC | Source = DCOM | ID = 10010
Description =

Error - 02/10/2011 4:13:06 PM | Computer Name = zeev-PC | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.113.359.0 Loading engine version: 1.1.7702.0

Error - 02/10/2011 4:18:58 PM | Computer Name = zeev-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 06/10/2011 6:50:46 PM | Computer Name = zeev-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/10/2011 2:02:40 AM | Computer Name = zeev-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:00:32 AM on 10/10/2011 was unexpected.

Error - 10/10/2011 7:30:51 AM | Computer Name = zeev-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 10/10/2011 1:34:03 PM | Computer Name = zeev-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 10/10/2011 9:08:17 PM | Computer Name = zeev-PC | Source = DCOM | ID = 10010
Description =

< End of report >

Do you have your normal wallpaper and icons on your desktop now?

Yes it finally appears normal!

How is your computer running?
So far so good. Will monitor it for a few days and respond back to you.
There has been no background music since I started this last fix

What can I do to protect myself going forward?
I'm I clean now?

#8
CompCav

Posted 10 October 2011 - 07:45 PM

Member 5k

Expert
12,454 posts

Do you have your normal wallpaper and icons on your desktop now?

Yes it finally appears normal!

How is your computer running?
So far so good. Will monitor it for a few days and respond back to you.
There has been no background music since I started this last fix

I am pleased with the progress.

What can I do to protect myself going forward?

I will have several recommendations for you when we finish in my closing recommendations.

I'm I clean now?

You are very close but we have a few steps remaining. I need to review your logs and prepare a post for you to go the next step in cleaning your computer. I will post it tomorrow pending review with my expert advisor.

CompCav

#9
ugrinwa

Posted 10 October 2011 - 07:56 PM

Member

Topic Starter
Member
52 posts

I am so grateful and will certainly be making a donation!!!

#10
CompCav

Posted 11 October 2011 - 02:43 PM

Member 5k

Expert
12,454 posts

Step 1.

I noticed that you have three anti-virus programs running ( McAfee, Norton & Avira Anti-Virus). I strongly recommend that you have only one antivirus product installed and running on your computer at a time. You must uninstall McAfee & Norton. However,
Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.

I would recommend using the Norton Uninstall Tool to completely remove your Norton Internet Security. The program installs in several places on your computer and to ensure peak performance we recommend it be completely uninstalled.

I would recommend downloading the McAfee removal tool and running it to remove McAfee Security Scan.

Step 2.

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 3.

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 4.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 5.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Step 6.

Please post:

aswMBR log
OTL fix log
mbam log
eset log

Please give me an update on how your computer is doing!

#11
ugrinwa

Posted 13 October 2011 - 08:28 PM

Member

Topic Starter
Member
52 posts

Still running scans...
Thanks

#12
CompCav

Posted 13 October 2011 - 09:10 PM

Member 5k

Expert
12,454 posts

Your welcome

#13
ugrinwa

Posted 18 October 2011 - 07:38 AM

Member

Topic Starter
Member
52 posts

Hi CompCav

Thanks for your patience.
Here are the reports:

aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-13 21:15:34
-----------------------------
21:15:34.467 OS Version: Windows 6.0.6002 Service Pack 2
21:15:34.467 Number of processors: 2 586 0xF02
21:15:34.467 ComputerName: ZEEV-PC UserName: zeev
21:15:58.540 Initialize success
21:16:28.795 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:16:28.811 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
21:16:28.826 Disk 0 MBR read successfully
21:16:28.842 Disk 0 MBR scan
21:16:28.842 Disk 0 Windows VISTA default MBR code
21:16:28.858 Disk 0 scanning sectors +488278016
21:16:29.060 Disk 0 scanning C:\Windows\system32\drivers
21:16:42.788 Service scanning
21:16:44.270 Modules scanning
21:17:00.744 Disk 0 trace - called modules:
21:17:00.760 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:17:00.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ec34b0]
21:17:00.760 3 CLASSPNP.SYS[881a38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84de9030]
21:17:00.760 Scan finished successfully
21:17:09.464 Disk 0 MBR has been saved successfully to "C:\Users\zeev\Desktop\MBR.dat"
21:17:09.464 The log file has been saved successfully to "C:\Users\zeev\Desktop\aswMBR.txt"

OTL Fix:

I had a problem running this. It would start and then the program would become unresponsive.
I tried twice.?

MBAM log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7941

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

13/10/2011 10:04:46 PM
mbam-log-2011-10-13 (22-04-46).txt

Scan type: Quick scan
Objects scanned: 309113
Time elapsed: 20 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

EsetOnlineScanner:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

eset log:
C:\Users\zeev\AppData\Local\Temp\USPS_Document#15414.zip a variant of Win32/Kryptik.TLU trojan

#14
CompCav

Posted 18 October 2011 - 12:28 PM

Member 5k

Expert
12,454 posts

Step 1.

OTL Fix

We need to run an OTL Fix

Please delete the current copy of OTL on your desktop.
Download a current copy of OTL here to your desktop.
Please open on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL

:Files
C:\Users\zeev\AppData\Local\Temp\USPS_Document#15414.zip
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3.

Run OTL Scan

Please reopen Posted Image

on your desktop.
Please check Scan All Users
Under Extra Registry select Use SafeList
Please post the OTL.txt in the next reply.

Step 4.

Please post:

Security Check Log
OTL fix log
OTL.txt

Please tell me how your computer is performing and any remaining issues.

#15
Essexboy

Posted 25 October 2011 - 12:25 PM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.