# 0xc0000005 Errors
## DokiDoki (Oct 23, 2010)

Hello.

Ive been struggling mightily with a very stubborn 0xc0000005 error that pops up every time I try to open a program. In fact, on startup I hoave to OK a flood of these errors before I can do anything on the desktop. I can actually open programs if I try enough, though. I typically have to double-click and then OK the error 5-10 times before it finally opens. And then when it does open its very unstable. For example, just going through the motions of making this opening post has taken an entire night.

Thanks in advance.

```text
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:09 PM, on 10/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Scotty\My Documents\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Adobe PDF Reader Link Helper - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [naewcmrxos.tmp] "C:\DOCUME~1\Scotty\LOCALS~1\Temp\naewcmrxos.tmp"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-21-741860716-177175952-1709535215-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-741860716-177175952-1709535215-1006\..\Run: [AIM] "C:\Program Files\AIM7\aim.exe" /d locale=en-US (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
--
End of file - 8109 bytes
```

```text
DDS (Ver_09-09-29.01) - FAT32x86
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.375 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Scotty\My Documents\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\appconf32.exe,
uWinlogon: Userinit=c:\windows\system32\vvgeowbv.exe,c:\windows\system32\userinit.exe
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Adobe PDF Reader Link Helper: {f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} - c:\windows\system32\AcroIEHelpe.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] "c:\program files\aim7\aim.exe" /d locale=en-US
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [naewcmrxos.tmp] "c:\docume~1\scotty\locals~1\temp\naewcmrxos.tmp"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: classmates.com\www
Trusted Zone: cybersexent.com\blondesonlyhardcore
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254648470232
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
TCP: NameServer = 93.188.164.72,93.188.166.222
TCP: {7EB83D57-CFD1-4BE3-AD55-DA566EB2763E} = 93.188.164.72,93.188.166.222
TCP: {F3D5072B-4BDA-4ECE-8D12-520EC5D05985} = 93.188.164.72,93.188.166.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-10 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-10 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-18 60936]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 dfac;dfac;\??\c:\windows\system32\dfac.sys --> c:\windows\system32\dfac.sys [?]
S3 jfdcd;jfdcd;\??\c:\docume~1\scotty\locals~1\temp\jfdcd.sys --> c:\docume~1\scotty\locals~1\temp\jfdcd.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2009-4-9 34064]
S3 pmodem;pmodem;\??\c:\docume~1\scotty\locals~1\temp\pmodem.sys --> c:\docume~1\scotty\locals~1\temp\pmodem.sys [?]
S3 qcrusoe;qcrusoe;\??\c:\docume~1\scotty\locals~1\temp\qcrusoe.sys --> c:\docume~1\scotty\locals~1\temp\qcrusoe.sys [?]
S3 taskmon.sys;taskmon.sys;\??\c:\windows\system32\taskmon.sys --> c:\windows\system32\taskmon.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
=============== Created Last 30 ================

==================== Find3M ====================
2010-10-22 21:18 2,048 a--s---- c:\windows\bootstat.dat
2010-10-22 21:18 1,063,714,816 a--sh--- C:\hiberfil.sys
2010-10-22 21:18 1,598,029,824 a--sh--- C:\pagefile.sys
2010-10-22 21:04 12,582,912 a---h--- c:\documents and settings\scotty\NTUSER.DAT
2010-10-13 00:46 212,304 a------- c:\windows\system32\AcroIEHelpe.dll
2010-10-01 03:34 5,120 a------- c:\windows\system32\dx0jryt7.default.dat
2010-09-20 00:33 65,992 a---h--- c:\windows\system32\mlfcache.dat
2010-09-14 05:18 445,132 a------- c:\windows\system32\perfh009.dat
2010-09-14 05:18 73,638 a------- c:\windows\system32\perfc009.dat
2010-09-14 05:15 297,256 a------- c:\windows\system32\FNTCACHE.DAT
2010-09-14 04:59 23,428 a------- c:\windows\system32\emptyregdb.dat
2010-09-13 00:58 155,648 a--shr-- c:\windows\system32\nlhtml7.dll
2010-08-23 05:45 4,650 a------- c:\windows\pchealth\helpctr\packagestore\SkuStore.bin
2007-04-03 16:36 1,863 ac------ c:\program files\INSTALL.LOG
2006-08-18 18:53 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
2003-12-18 11:33 20,102 ac------ c:\program files\Readme.txt
2003-09-03 07:46 10,960 ac------ c:\program files\EULA.txt
============= FINISH: 22:32:22.15 ===============
```

```text
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-22 22:47:55
Windows 5.1.2600 Service Pack 2
Running: 733s5ne4.exe; Driver: C:\DOCUME~1\Scotty\LOCALS~1\Temp\pxtdipob.sys

---- System - GMER 1.0.15 ----
SSDT A616354E ZwCreateKey
SSDT A6163544 ZwCreateThread
SSDT A6163553 ZwDeleteKey
SSDT A616355D ZwDeleteValueKey
SSDT A6163562 ZwLoadKey
SSDT A6163530 ZwOpenProcess
SSDT A6163535 ZwOpenThread
SSDT A616356C ZwReplaceKey
SSDT A6163567 ZwRestoreKey
SSDT A6163558 ZwSetValueKey
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 008E000A
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 008F000A
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 008D000C
.text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 012B000A
.text C:\WINDOWS\System32\svchost.exe[1180] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00AC000A
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1644] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00A1000C
.text C:\WINDOWS\Explorer.EXE[1644] kernel32.dll!VirtualFreeEx + 44 7C809B76 1 Byte [40]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[2328] kernel32.dll!VirtualFreeEx + 44 7C809B76 1 Byte [40]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2432] kernel32.dll!VirtualFreeEx + 44 7C809B76 1 Byte [40]
.text C:\WINDOWS\system32\wscntfy.exe[14120] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 1232124E
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat 87529C8A
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1032GSX_______________________AS022D__#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
```
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; 
Disk \Device\Harddisk0\DR0 sectors 192426314 (+255): rootkit-like behavior; 
---- EOF - GMER 1.0.15 ----


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki, welcome to the forum.

To make cleaning this machine easier

Please *do not* uninstall/install any programs unless asked to.
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please *do not* run any scans other than those requested.
Please follow all instructions in the order posted.
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask *before* continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Open your Internet Explorer:

At the top click *Tools*, click *Internet Options*
On the *Connections* tab click *LAN Settings*
*Uncheck* use a proxy server
Open *hijackthis*, do a system scan only and checkmark these lines, if present

*R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522*
*F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe ,*

Close *ALL* other windows/browsers and click *Fix Checked*. Answer *Yes* if prompted. Close HJT.

*NEXT*

Please download *DeFogger* to your *desktop*.


The application window will appear
Click the *Disable* button to disable your CD Emulation drivers
Click *Yes* to continue
A *'Finished!'* message will appear
Click *OK*
DeFogger will now ask to reboot the machine - click *OK*
*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_disable* which will appear on your desktop.
*Do not* re-enable these drivers until otherwise instructed.

*Next*

Please download *MBR.exe* and save it to your *desktop*

Double click on the *MBR.exe* file to run it.
A log will be produced, *MBR.log* on your desktop.
Please open this log in Notepad and post its contents in your next reply.

*Next*

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click on *Minimal Output* at the top
Download the following file *scan.txt* to your *Desktop*. *Click here to download it*. You may need to right click on it and select *"Save"*
Double click inside the Custom Scan box at the bottom
A window will appear saying *"Click OK to load a custom scan from a file or Cancel to cancel"*
Click the OK button and navigate to the file *scan.txt* which we just saved to your desktop
Select *scan.txt* and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.

Please post back with

MBR.log
both OTL logs
Thanks
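
The HJT lines oldman960 asks to fix (a ProxyServer pointing at 127.0.0.1 and an extra executable appended to UserInit) are the kind of indicator that can be picked out of a HijackThis or OTL log mechanically. The script below is an added example, not oldman960's instructions or any tool used in this thread; it runs a handful of defender-side heuristics over log lines. The sample lines are taken from the logs quoted in this thread, with two clean lines added for contrast, and the `expected_dns` allowlist is an assumed input the analyst would supply (the ISP or router resolvers the machine should be using).

```python
"""Flag hijack indicators in HijackThis / OTL style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: indicator lines quoted in this thread plus two benign
# lines (the Avira Run entry and the hosts entry) that must NOT be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe ,
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1039
O4 - HKLM..\Run: [naewcmrxos.tmp] C:\Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found
O1 - Hosts: 127.0.0.1 localhost
"""


@dataclass(frozen=True)
class Finding:
    check: str   # short name of the heuristic that fired
    line: str    # the offending log line, stripped


LOOPBACK = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)
TEMP_PATH = re.compile(r"\\Temp\\", re.IGNORECASE)
USERINIT = re.compile(r"UserInit=(.*)", re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer = ([\d.,\s]+)")


def audit_line(line, expected_dns=frozenset()):
    """Return the list of Findings for one log line (empty if it looks benign)."""
    s = line.strip()
    findings = []
    if not s:
        return findings

    # 1. Browser proxy pointing at the local host: traffic is being routed
    #    through something running on this machine (IE R1 line, Firefox pref).
    is_ie_proxy = s.startswith("R1 -") and "ProxyServer" in s
    is_ff_proxy = s.startswith("FF -") and "network.proxy.http:" in s
    if (is_ie_proxy or is_ff_proxy) and LOOPBACK.search(s):
        findings.append(Finding("proxy-to-loopback", s))

    # 2. UserInit should name only userinit.exe; anything appended is loaded
    #    at every logon.  Also, a UserInit value under HKCU is not a normal
    #    location for it (the real value lives under HKLM).
    m = USERINIT.search(s)
    if s.startswith("F2 -") and m:
        entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
        if any(not e.endswith("\\userinit.exe") for e in entries):
            findings.append(Finding("userinit-extra-executable", s))
    if s.startswith("O20 -") and "HKCU Winlogon: UserInit" in s:
        findings.append(Finding("userinit-under-hkcu", s))

    # 3. Autostart entries launched from a Temp directory.
    if s.startswith("O4 -") and TEMP_PATH.search(s):
        findings.append(Finding("autorun-from-temp", s))

    # 4. DNS servers not in the analyst-supplied allowlist (assumed input).
    m = NAMESERVER.search(s)
    if s.startswith("O17 -") and m:
        servers = {x.strip() for x in m.group(1).split(",") if x.strip()}
        if not servers <= expected_dns:
            findings.append(Finding("dns-server-not-expected", s))

    return findings


def audit_log(text, expected_dns=frozenset()):
    """Run audit_line over every line of a log and collect the Findings."""
    out = []
    for line in text.splitlines():
        out.extend(audit_line(line, expected_dns))
    return out


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"[{f.check}] {f.line}")
```

Run stand-alone it prints six findings for the sample: both loopback proxies, the appended UserInit executable, the HKCU UserInit value, the Run entry in Temp, and the O17 NameServer pair; the Avira Run entry and the hosts line pass. The NameServer check is deliberately an allowlist rather than a blocklist, since a public resolver is only suspicious when it is not the one the user or ISP configured.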


----------



## DokiDoki (Oct 23, 2010)

Thanks for the reply.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

OTL logfile created on: 10/23/2010 5:34:05 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Scotty\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 3.65 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive D: | 21.76 Gb Total Space | 21.69 Gb Free Space | 99.66% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: Scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Scotty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\AIM7\aim.exe (AOL LLC)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Scotty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (TfSysMon) -- C:\WINDOWS\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\WINDOWS\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\WINDOWS\System32\drivers\TfFsMon.sys File not found
DRV - (taskmon.sys) -- C:\WINDOWS\System32\taskmon.sys File not found
DRV - (qcrusoe) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\qcrusoe.sys File not found
DRV - (pmodem) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\pmodem.sys File not found
DRV - (jfdcd) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\jfdcd.sys File not found
DRV - (dfac) -- C:\WINDOWS\System32\dfac.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1039
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5006 [2010/10/13 00:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 00:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/18 00:21:28 | 000,000,000 | ---D | M]

[2010/05/09 02:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Extensions
[2010/09/20 00:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions
[2010/05/09 02:08:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/20 00:18:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/09 02:08:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/09 02:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/11/22 01:18:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe021.dll (Adobe Systems, Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [naewcmrxos.tmp] C:\Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: classmates.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cybersexent.com ([blondesonlyhardcore] https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254648470232 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} http://www.streamerp2p.com/sfiles/phasex.cab (PhaseCaster Widget)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Scotty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scotty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

MsConfig - StartUpReg: *Aim* - hkey= - key= - C:\Program Files\AIM7\aim.exe (AOL LLC)
MsConfig - StartUpReg: *AppleSyncNotifier* - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: *ctfmon.exe* - hkey= - key= - File not found
MsConfig - StartUpReg: *IMEKRMIG6.1* - hkey= - key= - C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
MsConfig - StartUpReg: *MSMSGS* - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: *QuickTime Task* - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: *TkBellExe* - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: *updateMgr* - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (81641353997451264)

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 17:19:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scotty\Desktop\OTL.exe
[2010/10/23 17:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scotty\My Documents\backups
[2010/10/23 17:05:41 | 000,212,304 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe021.dll
[2010/10/22 22:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/10/22 21:50:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Scotty\My Documents\HijackThis.exe
[2010/10/13 00:47:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5006
[2010/10/13 00:46:55 | 000,212,304 | ---- | C] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe.dll
[2010/10/01 03:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/30 22:09:51 | 000,000,000 | ---D | C] -- C:\xmldm
[2010/09/30 22:09:51 | 000,000,000 | ---D | C] -- C:\****
[2010/09/30 21:17:09 | 004,283,672 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_free_stb_all_2011_1120_cnet.exe
[2010/09/30 18:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/30 18:52:40 | 004,283,672 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_isct_stb_all_2011_1120_free.exe
[2010/09/30 17:40:37 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Scotty\My Documents\ATF-Cleaner.exe
[2010/09/26 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2010/09/26 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\****
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 17:31:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/23 17:30:55 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/23 17:23:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/23 17:17:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/23 17:16:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/23 17:16:07 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Hossoxy.job
[2010/10/23 17:16:02 | 000,000,340 | -HS- | M] () -- C:\WINDOWS\tasks\isjkpyas.job
[2010/10/23 17:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/23 17:15:50 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/23 17:13:10 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Scotty\defogger_reenable
[2010/10/23 17:05:41 | 000,212,304 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe021.dll
[2010/10/23 17:05:38 | 000,047,616 | ---- | M] () -- C:\WINDOWS\System32\lodupgd.jpg
[2010/10/23 10:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scotty\Desktop\OTL.exe
[2010/10/22 22:37:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\733s5ne4.exe
[2010/10/22 21:51:07 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\Shortcut to HijackThis.lnk
[2010/10/16 04:11:02 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/13 00:46:55 | 000,212,304 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe.dll
[2010/10/06 23:53:32 | 000,020,875 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\[KH]_Cantaloupe_Collector_1-2.torrent
[2010/10/04 17:06:21 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010/10/02 01:20:51 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 01:17:34 | 000,013,775 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\17.html
[2010/10/01 18:30:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (SCOTT-Scotty).job
[2010/10/01 17:41:23 | 004,661,194 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\Ghost in the Shell_ Innocence - Original Theme remastered - synced Music video.mp3
[2010/10/01 03:42:09 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\Eusing Free Registry Cleaner.lnk
[2010/10/01 03:34:19 | 000,005,120 | ---- | M] () -- C:\WINDOWS\System32\dx0jryt7.default.dat
[2010/09/27 23:08:46 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\5x5 intermediate.xls
[2010/09/27 17:18:33 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_free_stb_all_2011_1120_cnet.exe
[2010/09/27 00:24:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/25 06:38:30 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_isct_stb_all_2011_1120_free.exe
[2010/09/25 05:57:12 | 003,335,377 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\the pillows - happy bivouac.mp3
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 17:18:23 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\mbr.exe
[2010/10/23 17:12:43 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Scotty\defogger_reenable
[2010/10/23 17:11:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\Defogger.exe
[2010/10/22 22:37:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\733s5ne4.exe
[2010/10/22 21:53:12 | 000,361,369 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\dds.com
[2010/10/22 21:51:07 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\Shortcut to HijackThis.lnk
[2010/10/06 23:53:32 | 000,020,875 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\[KH]_Cantaloupe_Collector_1-2.torrent
[2010/10/02 01:17:34 | 000,013,775 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\17.html
[2010/10/01 23:57:41 | 000,041,770 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\EF2103ED04B9171768EFDE40F2E29A5E2B976550.torrent
[2010/10/01 21:31:09 | 000,066,372 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\Variable_Geo_Neo_the_animation,_complete.torrent
[2010/10/01 17:28:28 | 004,661,194 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\Ghost in the Shell_ Innocence - Original Theme remastered - synced Music video.mp3
[2010/10/01 03:42:09 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\Eusing Free Registry Cleaner.lnk
[2010/10/01 03:41:51 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\EFRCSetup.exe
[2010/09/30 21:31:49 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\lodupgd.jpg
[2010/09/27 02:50:47 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/27 00:24:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/26 14:31:51 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\dx0jryt7.default.dat
[2010/09/26 00:59:39 | 000,028,840 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\M_(Fritz_Lang__1931)_eng_sub_[CiN].3279875.TPB.torrent
[2010/09/25 05:57:01 | 003,335,377 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\the pillows - happy bivouac.mp3
[2010/09/13 00:58:32 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\nlhtml7.dll
[2010/08/21 04:12:32 | 000,785,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\izhij.sys
[2010/02/09 22:35:59 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/02/09 22:35:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/02/09 22:35:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2009/04/18 18:55:44 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PFP120JPR.{PB
[2009/04/18 18:55:44 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PFP120JCM.{PB
[2009/04/09 22:56:40 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/04/08 00:35:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\PUTTY.RND
[2008/12/26 02:59:21 | 000,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/19 06:00:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/15 19:41:26 | 000,006,936 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PrimoPDFSet.xml
[2008/11/21 02:20:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/17 02:55:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\WavCodec.wff
[2007/11/23 17:17:31 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/11/22 00:10:56 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/14 03:41:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/10/25 11:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/15 20:19:56 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/10/15 02:53:24 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/15 02:25:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/28 12:05:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/24 03:21:39 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/30 22:21:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/30 18:30:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/03/29 00:17:10 | 000,020,102 | ---- | C] () -- C:\Program Files\Readme.txt
[2007/03/29 00:17:10 | 000,010,960 | ---- | C] () -- C:\Program Files\EULA.txt
[2007/03/29 00:17:10 | 000,001,863 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2007/03/27 03:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/22 01:22:00 | 000,001,390 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/08 17:22:50 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Worldbuilder.INI
[2006/11/21 14:27:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/07 13:31:11 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/02 10:30:53 | 000,007,760 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2006/08/26 17:13:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/08/26 17:06:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/26 16:54:49 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/19 00:50:17 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 00:06:51 | 000,003,662 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/19 00:06:51 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2B794A0AE8.sys
[2006/08/18 22:44:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/18 19:35:45 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 19:35:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/07/08 14:29:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/08 14:15:50 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/08 14:12:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/08 14:04:18 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/08 13:38:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/08 13:36:44 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 06:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/10/25 17:29:34 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/04 17:06:21 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2007/11/24 00:16:54 | 000,021,998 | ---- | M] () -- C:\ComboFix.txt
[2007/11/22 01:21:31 | 000,012,436 | ---- | M] () -- C:\ComboFix2.txt
[2007/11/22 00:10:11 | 000,016,974 | ---- | M] () -- C:\ComboFix3.txt
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/02 01:53:01 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2006/07/08 13:44:58 | 000,006,130 | RH-- | M] () -- C:\dell.sdr
[2007/11/25 13:10:45 | 000,004,717 | -HS- | M] () -- C:\ffastun.ffa
[2007/11/25 13:10:45 | 000,630,784 | -HS- | M] () -- C:\ffastun.ffl
[2007/11/25 13:10:45 | 000,176,128 | -H-- | M] () -- C:\ffastun.ffo
[2007/11/25 13:10:45 | 003,637,248 | -HS- | M] () -- C:\ffastun0.ffx
[2010/10/23 17:15:50 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/14 04:46:14 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/11/27 05:40:22 | 000,001,190 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/06 13:03:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/23 17:15:48 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/11/20 17:45:00 | 000,001,821 | ---- | M] () -- C:\rapport.txt
[2010/09/27 02:48:46 | 000,000,371 | ---- | M] () -- C:\rkill.log
[2006/07/08 14:12:39 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2007/11/20 17:18:58 | 000,001,188 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/09/14 05:01:33 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/02/09 15:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2010/10/23 17:05:38 | 000,047,616 | ---- | M] () -- C:\WINDOWS\system32\lodupgd.jpg
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2007/04/03 16:36:20 | 000,001,863 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/09/14 00:39:55 | 002,097,152 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/09/13 16:38:00 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/09/14 00:39:55 | 037,224,448 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/09/14 00:39:55 | 006,029,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/06/09 12:33:42 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\3 Months Free NetZero.exe
[2010/09/14 05:02:18 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2008/02/28 14:01:24 | 000,774,144 | ---- | M] () -- C:\WINDOWS\system32\NEROINSTAEC43759.DB
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/08/18 18:54:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Scotty\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Scotty\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/02/23 11:26:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\Defogger.exe
[2010/06/17 00:10:52 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Scotty\Desktop\mbam-setup.exe
[2009/10/21 02:27:21 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\mbr.exe
[2010/10/23 10:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scotty\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2003/06/13 17:23:00 | 000,004,304 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/10/22 22:37:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\733s5ne4.exe
[2008/01/31 13:59:45 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Scotty\My Documents\ATF-Cleaner.exe
[2010/09/27 17:18:33 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_free_stb_all_2011_1120_cnet.exe
[2010/09/25 06:38:30 | 004,283,672 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Scotty\My Documents\avg_isct_stb_all_2011_1120_free.exe
[2007/11/15 20:22:00 | 000,686,630 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\dss.exe
[2010/05/26 08:00:02 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\EFRCSetup.exe
[2010/05/14 16:08:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Scotty\My Documents\HijackThis.exe
[2007/11/15 20:13:41 | 000,315,590 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\ie-spyad_zo.exe
[2007/11/15 20:13:01 | 002,566,736 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Scotty\My Documents\spywareblastersetup351.exe
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/08/18 18:54:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Scotty\Favorites\Desktop.ini
[2006/08/24 01:37:40 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\Scotty\Favorites\My Documents.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/08/12 23:43:02 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Scotty\Cookies\desktop.ini
[2010/10/23 17:30:55 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Scotty\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >
[2003/06/13 17:23:06 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\AppLoc.exe

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 14:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

< %SYSTEMROOT%\Installer\*.exe >
[2005/12/27 23:21:06 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2007/11/15 19:26:06 | 000,001,406 | ---- | M] () -- C:\WINDOWS\system32\Help.ico
[2007/11/06 01:39:05 | 000,013,942 | ---- | M] () -- C:\WINDOWS\system32\iphone-011.ico
[2007/11/06 01:40:32 | 000,013,942 | ---- | M] () -- C:\WINDOWS\system32\iphone-012.ico
[2004/08/10 11:11:00 | 000,022,486 | ---- | M] () -- C:\WINDOWS\system32\lrnxp.ico
[2007/11/15 19:26:06 | 000,030,590 | ---- | M] () -- C:\WINDOWS\system32\pavas.ico
[2007/11/15 19:26:07 | 000,002,550 | ---- | M] () -- C:\WINDOWS\system32\Uninstall.ico
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/10/23 17:14:51 | 012,582,912 | -H-- | M] () -- C:\Documents and Settings\Scotty\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2007/09/01 16:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2008/01/31 19:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\a-squared Free
[2008/07/02 00:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Poker
[2007/11/05 23:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Poker Basic
[2007/08/26 03:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2007/10/15 02:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2007/12/02 22:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/15 00:33:59 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2009/11/27 05:40:16 | 000,000,000 | ---D | M] -- C:\Program Files\AIM7
[2008/11/11 01:35:37 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2008/11/12 21:36:32 | 000,000,000 | ---D | M] -- C:\Program Files\Alex Feinman
[2007/12/06 03:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Altova
[2010/05/30 04:59:00 | 000,000,000 | ---D | M] -- C:\Program Files\AmazingMIDI
[2008/08/24 03:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/11/24 18:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2009/04/23 16:12:48 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/07/10 02:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2008/02/05 02:55:56 | 000,000,000 | ---D | M] -- C:\Program Files\Axon Data
[2006/07/08 14:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2007/03/30 22:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\Big Bang Project
[2009/10/03 20:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\BitPim
[2007/11/05 23:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2008/12/19 19:57:52 | 000,000,000 | ---D | M] -- C:\Program Files\BitZipper
[2008/05/31 17:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\blueMSX
[2009/03/28 17:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2006/07/08 14:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/10/14 22:31:44 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2008/07/20 08:51:49 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplay
[2009/11/27 05:40:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004/08/10 14:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/07/08 14:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2006/07/08 14:18:44 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2006/07/08 14:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2006/07/08 14:06:13 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/11/23 17:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2010/04/30 15:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\DC++
[2007/09/01 08:03:32 | 000,000,000 | ---D | M] -- C:\Program Files\Defcon
[2006/07/08 14:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/01/28 14:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/11/23 17:38:55 | 000,000,000 | ---D | M] -- C:\Program Files\DellSupport
[2007/11/23 17:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2007/11/23 17:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/11/20 23:58:51 | 000,000,000 | ---D | M] -- C:\Program Files\ds9
[2009/09/19 00:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\E.M. Youtube Video Download Tool
[2007/09/01 08:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2007/11/23 17:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2009/01/04 15:56:39 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2008/05/02 04:47:31 | 000,000,000 | ---D | M] -- C:\Program Files\Emergent Music LLC
[2008/01/31 05:30:32 | 000,000,000 | ---D | M] -- C:\Program Files\eMule
[2010/10/01 05:34:53 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/01/04 15:54:53 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2009/04/08 00:56:50 | 000,000,000 | ---D | M] -- C:\Program Files\Ghostgum
[2009/12/25 05:48:16 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/11/20 22:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2009/04/08 00:55:39 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2008/11/28 13:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Hamachi
[2006/08/26 17:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/10/22 22:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2007/03/12 17:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2008/10/14 22:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2009/01/04 15:54:54 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/07/08 14:00:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2006/07/08 14:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2007/11/15 00:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\InterMute
[2010/09/14 05:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/03/28 17:39:17 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/03/28 17:39:49 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/02/11 04:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/09/26 15:59:45 | 000,000,000 | ---D | M] -- C:\Program Files\Jetcast
[2009/10/03 20:38:21 | 000,000,000 | ---D | M] -- C:\Program Files\Lame for Audacity
[2006/07/08 14:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2008/12/26 02:58:02 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2008/11/11 00:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\LucasArts
[2010/09/27 00:24:04 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 22:35:36 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 12
[2006/07/08 14:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2007/01/16 19:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2009/04/06 13:15:15 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/01/21 12:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2006/08/20 03:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/11/23 17:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2007/11/23 17:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2010/06/05 03:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/11/23 17:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Helper
[2010/09/14 05:00:12 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/20 00:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/01/09 00:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/19 18:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/11/14 04:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/16 05:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/08/24 01:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/09/19 00:42:30 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/05/30 04:24:44 | 000,000,000 | ---D | M] -- C:\Program Files\NaturalSoft
[2008/06/17 02:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2008/06/17 02:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/11/12 22:08:57 | 000,000,000 | ---D | M] -- C:\Program Files\NeroInstall.bak
[2010/08/22 05:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/11/23 17:45:42 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2007/11/23 17:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
[2009/07/16 02:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/09/13 00:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/09/14 05:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/07/03 21:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2007/03/30 18:48:44 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2007/11/05 23:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Editor 2
[2007/10/15 02:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2009/07/03 22:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2007/10/15 20:08:45 | 000,000,000 | ---D | M] -- C:\Program Files\PlotSoft
[2009/01/04 15:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2009/03/28 17:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/07 13:29:12 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/01/09 00:08:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/11/14 01:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\RegCleaner
[2007/09/01 08:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Converter
[2010/09/20 00:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/03/09 22:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Scratch
[2006/07/08 14:22:45 | 000,000,000 | ---D | M] -- C:\Program Files\SearchAssist
[2008/11/20 22:12:18 | 000,000,000 | ---D | M] -- C:\Program Files\SEGA
[2006/07/08 14:02:30 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/12/26 21:53:17 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2006/09/24 22:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2007/11/14 02:25:43 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/11/25 14:49:24 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/11/16 22:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2006/07/08 14:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2006/07/08 14:04:23 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/11/13 02:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2004/08/10 14:08:30 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/11/23 17:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\utorrent
[2007/11/23 17:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\VeryPDF PDF Editor Download Manager v1.0
[2007/11/05 23:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\VeryPDF PDF Editor v2.2
[2007/03/08 03:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2006/07/08 14:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2006/07/08 14:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\WebCyberCoach
[2006/08/18 22:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2009/08/27 01:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2007/11/23 17:48:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/14 05:03:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/08/18 19:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Messaging
[2010/08/22 05:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 14:02:52 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/11/23 17:49:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/07/08 14:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 12
[2004/08/10 14:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/04/08 01:23:44 | 000,000,000 | ---D | M] -- C:\Program Files\Xming
[2010/02/09 21:46:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2008/07/02 00:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >
[2004/08/04 06:00:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Server\admin.txt
[2004/08/04 06:00:00 | 000,036,523 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Server\hlp.dat
[2010/09/13 00:57:36 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Server\server.dat

< %systemroot%\*.pif >
[2009/09/11 19:12:00 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2004/08/04 06:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >
[2010/10/02 01:17:34 | 000,013,775 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\17.html
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2004/08/04 06:00:00 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-25 05:59:52

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

OTL Extras logfile created on: 10/23/2010 5:34:05 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Scotty\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 3.65 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
Drive D: | 21.76 Gb Total Space | 21.69 Gb Free Space | 99.66% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: Scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ruckus Player\Ruckus.exe" = C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Program Files\LucasArts\Star Wars Rebellion\REBEXE.EXE" = C:\Program Files\LucasArts\Star Wars Rebellion\REBEXE.EXE:*:Enabled:STAR WARS Rebellion -- (LucasArts Entertainment Company LLC)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- File not found
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:Patchgrabber -- File not found
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Xming\Xming.exe" = C:\Program Files\Xming\Xming.exe:*:Enabled:Xming X Server -- ()
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Scotty\Local Settings\Temp\streamer\streamer.exe" = C:\Documents and Settings\Scotty\Local Settings\Temp\streamer\streamer.exe:*:Enabled:streamer -- ()
"C:\Program Files\ds9\ds9.exe" = C:\Program Files\ds9\ds9.exe:*:Enabled:SAOImage DS9 5.6.3 -- (Smithsonian Astrophysical Observatory)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Maple 13\jre\bin\maple.exe" = C:\Program Files\Maple 13\jre\bin\maple.exe:*:Enabled:Maple 13 -- File not found
"C:\Program Files\Maple 12\jre\bin\maple.exe" = C:\Program Files\Maple 12\jre\bin\maple.exe:*:Enabled:Maple 12 -- (Maplesoft)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{174170E5-AB31-46E3-8FE9-E4B71F0D78E8}" = blueMSX
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}" = Safari
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56DF5C9E-6392-46D3-B366-297B14E1DAAF}" = Bonjour Core for Windows
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype 3.8
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CE0803C-CA6A-4D7A-8FB8-055EBB4AF141}" = The Typing of The Dead US
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3C48F877-A164-45E9-B9DA-26A049FFC207" = Tradewinds
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AIM_7" = AIM 7
"AmazingMIDI" = AmazingMIDI
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AxCrypt" = AxCrypt (Remove Only)
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DC++" = DC++ 0.674
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Updater" = Google Updater
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GSview 4.9" = GSview 4.9
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"InfraRecorder" = InfraRecorder
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Jetcast" = Jetcast 3.0.2
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"LucasArts' Star Wars Rebellion" = LucasArts' Star Wars Rebellion
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"mgs4_ss_1600_1200_1" = mgs4_ss_1600_1200_1 ?????????
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSNINST" = MSN
"Office8.0" = Microsoft Office 97, Standard Edition
"Panda ActiveScan" = Panda ActiveScan
"PhotoScape" = PhotoScape
"ProInst" = Intel(R) PROSet/Wireless Software
"Signature995" = Signature995
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"Starcraft" = Starcraft
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Uninstall
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Xming_is1" = Xming 6.9.0.31

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2010 1:09:15 AM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.18.5, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00001230.

Error - 10/13/2010 1:24:02 AM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.18.5, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00001230.

Error - 10/13/2010 1:24:57 AM | Computer Name = HAL | Source = Application Hang | ID = 1002
Description = Hanging application Safari.exe, version 5.33.18.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2010 1:28:29 AM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.18.5, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00001230.

Error - 10/14/2010 5:03:32 PM | Computer Name = HAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/14/2010 5:03:35 PM | Computer Name = HAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/14/2010 5:11:32 PM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 5.33.18.5, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00001230.

Error - 10/14/2010 5:14:36 PM | Computer Name = HAL | Source = Application Hang | ID = 1002
Description = Hanging application Safari.exe, version 5.33.18.5, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2010 5:16:05 PM | Computer Name = HAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 10/14/2010 5:16:09 PM | Computer Name = HAL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/23/2010 4:27:43 PM | Computer Name = HAL | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/23/2010 4:27:51 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd TfFsMon TfSysMon

Error - 10/23/2010 4:30:43 PM | Computer Name = HAL | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/23/2010 4:30:56 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd TfFsMon TfSysMon

Error - 10/23/2010 4:31:21 PM | Computer Name = HAL | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 10/23/2010 4:31:44 PM | Computer Name = HAL | Source = DCOM | ID = 10010
Description = The server {7160A13D-73DA-4CEA-95B9-37356478588A} did not register
with DCOM within the required timeout.

Error - 10/23/2010 5:14:42 PM | Computer Name = HAL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,time.nist.gov'. NtpClient will try the
DNS lookup again in 15 minutes. The error was: A socket operation was attempted to
an unreachable host. (0x80072751)

Error - 10/23/2010 5:14:42 PM | Computer Name = HAL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/23/2010 5:16:43 PM | Computer Name = HAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 10/23/2010 5:18:44 PM | Computer Name = HAL | Source = DCOM | ID = 10010
Description = The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register
with DCOM within the required timeout.

< End of report >


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Your system has been infected by one or more *Backdoor Trojans* and a variant of Banker.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
More information on Remote Access Trojans can be found *here*.

*I strongly suggest you do the following immediately:*

Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of *identity theft* and to put a watch on your accounts or change all your account numbers.
From a clean computer, change **all** your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
*DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.*
Here are a few related articles that I suggest you read:

Danger: Remote Access Trojans.
When should I re-format? How should I reinstall?
How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud?
Should you have any questions, please feel free to ask.

I can help you clean this computer to the best of my abilities but keep in mind a format and reinstall may also be an option you wish to explore.

Should you decide to clean this machine please continue.

Did you place these in the Trusted Zone?
*classmates.com ([www] https in Trusted sites)*
*cybersexent.com ([blondesonlyhardcore] https in Trusted sites)*

There are some suspicious looking folders created at the same time as some known malware ones. I don't think I'll be able to look at them with a tool as they use wildcards for a name. I'll need you to have a look at them.

Open Windows Explorer (right click your Start button and select Explore)

Navigate to the *C:\* directory and click the + sign.
Look in the list of folders for a folder named ******
Click on it
please post a couple of the file names from the right hand panel.
Next in the left hand panel

Navigate to the *C:\Windows\System32* directory and click the + sign.
Look in the list of folders for a folder named ******
Click on it
please post a couple of the file names from the right hand panel.

We need some file information

Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file paths, one at a time if more than one file is listed, into the *"Suspicious files to scan"* box on the top of the page:
*C:\WINDOWS\System32\drivers\izhij.sys*
*C:\WINDOWS\System32\nlhtml7.dll*

*C:\WINDOWS\system32\AcroIEHelpe021.dll*

Click on the *Upload* button
Please ensure the scan is complete and the results saved before submitting the next.
If a pop-up appears saying the file has been scanned already, please select the *ReScan* button.
Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

*Next*, Double click on *OTL.exe* 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following
*Do Not* copy the word *CODE*
please note the fix starts with the *:*


```
:Services
:OTL
DRV - (taskmon.sys) -- C:\WINDOWS\System32\taskmon.sys File not found
DRV - (qcrusoe) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\qcrusoe.sys File not found
DRV - (jfdcd) -- C:\DOCUME~1\Scotty\LOCALS~1\Temp\jfdcd.sys File not found
DRV - (dfac) -- C:\WINDOWS\System32\dfac.sys File not found
O4 - HKLM..\Run: [naewcmrxos.tmp] C:\Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found
[2010/09/30 22:09:51 | 000,000,000 | ---D | C] -- C:\xmldm
[2010/09/26 14:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe021.dll (Adobe Systems, Incorporated)
[2010/10/23 17:31:00 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/23 17:16:07 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\Hossoxy.job
[2010/10/23 17:16:02 | 000,000,340 | -HS- | M] () -- C:\WINDOWS\tasks\isjkpyas.job
[2010/10/13 00:46:55 | 000,212,304 | ---- | M] (Adobe Systems, Incorporated) -- C:\WINDOWS\System32\AcroIEHelpe.dll
[2003/06/13 17:23:00 | 000,004,304 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
 
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
 
:Commands
[emptytemp]
[Reboot]
```
Then click the *Run Fix* button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the *OTL fix* log

Please post back with

sample filenames from the folders
VirScan results
OTL fix log
How's the computer?
Thanks
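
As an added illustration (not part of oldman960's post and not OTL's own code), the following Python script shows how a defender can triage OTL report lines like the ones in the fix above: an orphaned DRV entry, a Run entry launching from a Temp folder, a hard-coded NameServer, and a Winlogon UserInit override. The regular expressions, the `trusted_dns` allow-list and the two benign contrast lines are constructed for this example and are assumptions, not OTL's format specification.

```python
import re
from typing import Dict, FrozenSet, List

# Sample OTL report lines. The first four are quoted from the fix above; the
# last two are constructed benign entries added for contrast (not from the log).
SAMPLE_LINES = [
    r"DRV - (taskmon.sys) -- C:\WINDOWS\System32\taskmon.sys File not found",
    r"O4 - HKLM..\Run: [naewcmrxos.tmp] C:\Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp ()",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.72,93.188.166.222",
    r"O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\system32\vvgeowbv.exe) - C:\WINDOWS\System32\vvgeowbv.exe File not found",
    r"O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
]

# The only UserInit value Windows XP installs by default (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Assumed line shapes, derived from the entries quoted in the fix.
_DRV = re.compile(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.+?) File not found$")
_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
_O20 = re.compile(r"^O20 - (?P<hive>HK\w+) Winlogon: UserInit - \((?P<path>[^)]*)\)")


def triage_line(line: str, trusted_dns: FrozenSet[str] = frozenset()) -> List[str]:
    """Return the reasons one OTL line deserves a closer look (empty list if none)."""
    reasons: List[str] = []
    if m := _DRV.match(line):
        # A driver service whose image is gone: typical leftover of a removed rootkit.
        reasons.append(f"orphaned driver service {m['svc']} ({m['path']} missing)")
    if m := _O4.match(line):
        lower = m["path"].lower()
        if "\\temp\\" in lower or lower.endswith(".tmp"):
            reasons.append(f"Run entry {m['name']} launches from a Temp folder")
        if not m["company"]:
            # "()" in OTL output means the file carries no version/company information.
            reasons.append(f"Run entry {m['name']} has no version information")
    if m := _O17.match(line):
        # A laptop on DHCP normally has no hard-coded resolvers at all; anything
        # outside the caller's trusted set is a DNS hijack candidate.
        rogue = [ip for ip in m["servers"].split(",") if ip not in trusted_dns]
        if rogue:
            reasons.append("hard-coded NameServer not in trusted set: " + ",".join(rogue))
    if m := _O20.match(line):
        if m["hive"].upper() != "HKLM":
            reasons.append(f"UserInit value found under {m['hive']}; the legitimate value lives under HKLM")
        if m["path"].lower() != EXPECTED_USERINIT:
            reasons.append(f"UserInit points at {m['path']} instead of userinit.exe")
    return reasons


def triage_report(lines: List[str], trusted_dns: FrozenSet[str] = frozenset()) -> Dict[str, List[str]]:
    """Map each suspicious line to its reasons; lines with nothing to report are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        reasons = triage_line(line, trusted_dns)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_report(SAMPLE_LINES).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the six sample lines it flags the four entries from the fix and stays silent on the two benign ones.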


----------



## DokiDoki (Oct 23, 2010)

Okay, I'll go down the list.

No, I did not put those sites in the trusted site list.

I'm assuming **** was referring to a certain part of the male anatomy. I took a look in those two folders. The one in C:\ was empty. The one in system32 had just one txt file:

[email protected][1]

Here's the first file log:

VirSCAN.org Scanned Report :
Scanned time : 2010/10/24 16:41:12 (EDT)
Scanner results: 56% Scanner(s) (20/36) found malware!
File Name : izhij.sys
File Size : 785920 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 915e97f0941a66239a0b36854d6fd4dc
SHA1 : eb60b2c6753b2660e54a5c12cbd77146abb881e1
Online report : http://virscan.org/report/5da5456e1e18c95bd03700a15f2ad809.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101024144149 2010-10-24 4.93 Virus.Win32.Bubak!IK
AhnLab V3 2010.10.19.02 2010.10.19 2010-10-19 1.58 Win-Trojan/Bubnix.Gen
AntiVir 8.2.4.84 7.10.13.28 2010-10-24 0.28 TR/Rootkit.Gen2
Antiy 2.0.18 20101022.5482262 2010-10-22 0.12 Trojan/Win32.Bubnix.arr[Rootkit]
Arcavir 2010 201010250206 2010-10-25 0.15 -
Authentium 5.1.1 201010231759 2010-10-23 1.35 -
AVAST! 4.7.4 101024-0 2010-10-24 0.03 Win32:Bubak [Rtk]
AVG 8.5.850 271.1.1/3216 2010-10-24 0.26 -
BitDefender 7.90123.6388058 7.34408 2010-10-25 8.79 Gen:Variant.Bubnix.1
ClamAV 0.96.3 12171 2010-10-23 0.09 BC.Heuristics.Rootkit.B-8.SDT
Comodo 4.0 6495 2010-10-24 1.44 -
CP Secure 1.3.0.5 2010.10.24 2010-10-24 0.10 -
Dr.Web 5.0.2.3300 2010.10.25 2010-10-25 10.18 -
F-Prot 4.4.4.56 20101024 2010-10-24 1.37 -
F-Secure 7.02.73807 2010.10.24.03 2010-10-24 11.20 Rootkit.Win32.Bubnix.arr [AVP]
Fortinet 4.2.249 12.488 2010-10-24 0.14 W32/Dx.TOP!tr
GData 21.1010/21.427 20101024 2010-10-24 12.65 Rootkit.Win32.Bubnix.arr [Engine:A]
ViRobot 20101023 2010.10.23 2010-10-23 0.38 -
Ikarus T3.1.32.15.0 2010.10.24.77007 2010-10-24 5.08 Virus.Win32.Bubak
JiangMin 13.0.900 2010.10.24 2010-10-24 1.39 -
Kaspersky 5.5.10 2010.10.24 2010-10-24 0.08 Rootkit.Win32.Bubnix.arr
KingSoft 2009.2.5.15 2010.10.24.15 2010-10-24 0.78 -
McAfee 5400.1158 6146 2010-10-24 18.49 Generic.dx!top
Microsoft 1.6301 2010.10.24 2010-10-24 14.26 Trojan:WinNT/Bubnix.gen!A
Norman 6.06.10 6.06.00 2010-10-24 10.01 W32/Suspicious_Gen2.BZKZQ
Panda 9.05.01 2010.10.24 2010-10-24 2.33 Rootkit/Bubnix.D 
Trend Micro 9.120-1004 7.566.05 2010-10-24 0.08 -
Quick Heal 11.00 2010.10.22 2010-10-22 2.46 -
Rising 20.0 22.70.05.00 2010-10-23 1.72 -
Sophos 3.12.1 4.58 2010-10-25 4.20 Mal/Bubnix-B
Sunbelt 3.9.2455.2 7131 2010-10-24 16.72 Trojan.Win32.Generic!BT
Symantec 1.3.0.24 20101023.004 2010-10-23 0.12 -
nProtect 20101022.01 9190900 2010-10-22 12.52 Gen:Variant.Bubnix.1
The Hacker 6.7.0.1 v00065 2010-10-24 0.55 -
VBA32 3.12.14.1 20101022.0846 2010-10-22 3.41 -
VirusBuster 4.5.11.10 10.130.1/2035640 2010-10-24 2.41 Rootkit.Bubnix.ADK

The second file was not found. Indeed I took a look in Explorer and the closest file was nlhtml.dll

VirSCAN.org Scanned Report :
Scanned time : 2010/10/24 16:54:12 (EDT)
Scanner results: Scanners did not find malware!
File Name : nlhtml.dll
File Size : 103936 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 11fd75354aa280800aa152f9e57e341f
SHA1 : f6ab284782c9e22e7ddfd29c8e217d1fb1ce2cbd
Online report : http://virscan.org/report/e772348dd1b7ab888f941a66e61720ba.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101024144149 2010-10-24 5.14 -
AhnLab V3 2010.10.19.02 2010.10.19 2010-10-19 1.30 -
AntiVir 8.2.4.84 7.10.13.28 2010-10-24 0.26 -
Antiy 2.0.18 20101022.5482262 2010-10-22 0.12 -
Arcavir 2010 201010250206 2010-10-25 0.07 -
Authentium 5.1.1 201010231759 2010-10-23 1.47 -
AVAST! 4.7.4 101024-0 2010-10-24 0.01 -
AVG 8.5.850 271.1.1/3216 2010-10-24 0.28 -
BitDefender 7.90123.6388058 7.34408 2010-10-25 4.76 -
ClamAV 0.96.3 12171 2010-10-23 0.03 -
Comodo 4.0 6495 2010-10-24 0.81 -
CP Secure 1.3.0.5 2010.10.24 2010-10-24 0.06 -
Dr.Web 5.0.2.3300 2010.10.25 2010-10-25 9.46 -
F-Prot 4.4.4.56 20101024 2010-10-24 1.45 -
F-Secure 7.02.73807 2010.10.24.03 2010-10-24 11.10 -
Fortinet 4.2.249 12.488 2010-10-24 0.16 -
GData 21.1010/21.427 20101024 2010-10-24 7.48 -
ViRobot 20101023 2010.10.23 2010-10-23 0.39 -
Ikarus T3.1.32.15.0 2010.10.24.77007 2010-10-24 5.11 -
JiangMin 13.0.900 2010.10.24 2010-10-24 1.44 -
Kaspersky 5.5.10 2010.10.24 2010-10-24 0.09 -
KingSoft 2009.2.5.15 2010.10.24.15 2010-10-24 0.84 -
McAfee 5400.1158 6146 2010-10-24 18.74 -
Microsoft 1.6301 2010.10.24 2010-10-24 6.83 -
Norman 6.06.10 6.06.00 2010-10-24 8.01 -
Panda 9.05.01 2010.10.24 2010-10-24 2.72 -
Trend Micro 9.120-1004 7.566.05 2010-10-24 0.03 -
Quick Heal 11.00 2010.10.22 2010-10-22 2.31 -
Rising 20.0 22.70.05.00 2010-10-23 1.92 -
Sophos 3.12.1 4.58 2010-10-25 4.20 -
Sunbelt 3.9.2455.2 7131 2010-10-24 17.48 -
Symantec 1.3.0.24 20101023.004 2010-10-23 0.05 -
nProtect 20101022.01 9190900 2010-10-22 9.34 -
The Hacker 6.7.0.1 v00065 2010-10-24 0.41 -
VBA32 3.12.14.1 20101022.0846 2010-10-22 4.20 -
VirusBuster 4.5.11.10 10.130.1/2035640 2010-10-24 2.53 -

And the third file.

VirSCAN.org Scanned Report :
Scanned time : 2010/10/24 16:49:07 (EDT)
Scanner results: Scanners did not find malware!
File Name : AcroIEHelpe021.dll
File Size : 212304 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 96865b2c63d913f08222d4db650d63b6
SHA1 : d637264dca174cefb518a0f1c1355fc7e2d04d55
Online report : http://virscan.org/report/84d9446e0d8fb393acdb53f0a4a149ee.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.20 20101024144149 2010-10-24 5.06 -
AhnLab V3 2010.10.19.02 2010.10.19 2010-10-19 1.42 -
AntiVir 8.2.4.84 7.10.13.28 2010-10-24 0.27 -
Antiy 2.0.18 20101022.5482262 2010-10-22 0.12 -
Arcavir 2010 201010250206 2010-10-25 0.11 -
Authentium 5.1.1 201010231759 2010-10-23 1.85 -
AVAST! 4.7.4 101024-0 2010-10-24 0.02 -
AVG 8.5.850 271.1.1/3216 2010-10-24 0.27 -
BitDefender 7.90123.6388058 7.34408 2010-10-25 4.76 -
ClamAV 0.96.3 12171 2010-10-23 0.06 -
Comodo 4.0 6495  2010-10-24 0.89 -
CP Secure 1.3.0.5 2010.10.24 2010-10-24 0.08 -
Dr.Web 5.0.2.3300 2010.10.25 2010-10-25 9.48 -
F-Prot 4.4.4.56 20101024 2010-10-24 2.08 -
F-Secure 7.02.73807 2010.10.24.03 2010-10-24 11.34 -
Fortinet 4.2.249 12.488 2010-10-24 0.17 -
GData 21.1010/21.427 20101024 2010-10-24 7.34 -
ViRobot 20101023 2010.10.23 2010-10-23 0.38 -
Ikarus T3.1.32.15.0 2010.10.24.77007 2010-10-24 5.16 -
JiangMin 13.0.900 2010.10.24 2010-10-24 1.34 -
Kaspersky 5.5.10 2010.10.24 2010-10-24 0.14 -
KingSoft 2009.2.5.15 2010.10.24.15 2010-10-24 0.75 -
McAfee 5400.1158 6146 2010-10-24 18.62 -
Microsoft 1.6301 2010.10.24 2010-10-24 3.81 -
Norman 6.06.10 6.06.00 2010-10-24 8.01 -
Panda 9.05.01 2010.10.24 2010-10-24 2.16 -
Trend Micro 9.120-1004 7.566.05 2010-10-24 0.03 -
Quick Heal 11.00 2010.10.22 2010-10-22 2.28 -
Rising 20.0 22.70.05.00 2010-10-23 1.77 -
Sophos 3.12.1 4.58 2010-10-25 4.19 -
Sunbelt 3.9.2455.2 7131 2010-10-24 13.70 -
Symantec 1.3.0.24 20101023.004 2010-10-23 0.05 -
nProtect 20101022.01 9190900 2010-10-22 9.31 -
The Hacker 6.7.0.1 v00065 2010-10-24 0.39 -
VBA32 3.12.14.1 20101022.0846 2010-10-22 3.86 -
VirusBuster 4.5.11.10 10.130.1/2035640 2010-10-24 2.55 -

And here's the fix log:

All processes killed
Error: Unable to interpret <:service> in the current context!
========== OTL ==========
Service taskmon.sys stopped successfully!
Service taskmon.sys deleted successfully!
File C:\WINDOWS\System32\taskmon.sys File not found not found.
Service jfdcd stopped successfully!
Service jfdcd deleted successfully!
File C:\DOCUME~1\Scotty\LOCALS~1\Temp\jfdcd.sys File not found not found.
Service dfac stopped successfully!
Service dfac deleted successfully!
File C:\WINDOWS\System32\dfac.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\naewcmrxos.tmp deleted successfully.
C:\Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\vvgeowbv.exe deleted successfully.
C:\xmldm folder moved successfully.
C:\WINDOWS\System32\xmldm folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88}\ deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe021.dll moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\isjkpyas.job moved successfully.
C:\WINDOWS\system32\AcroIEHelpe.dll moved successfully.
C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\Windows\\system32\\userinit.exe," /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.HAL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 122574 bytes
->Flash cache emptied: 609 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 83 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 540806 bytes
->Java cache emptied: 9066 bytes
->Flash cache emptied: 3233 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1106927 bytes
->Flash cache emptied: 52239 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: Scotty
->Temp folder emptied: 1790853752 bytes
->Temporary Internet Files folder emptied: 427356 bytes
->Java cache emptied: 64018908 bytes
->FireFox cache emptied: 39929759 bytes
->Apple Safari cache emptied: 131251200 bytes
->Flash cache emptied: 516184 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4370793 bytes
%systemroot%\System32 .tmp files removed: 21651401 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 725888 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91637166 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 41331451 bytes
RecycleBin emptied: 153958 bytes

Total Files Cleaned = 2,087.00 mb

OTL by OldTimer - Version 3.2.17.0 log created on 10242010_165902
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

The 0xc0000005 errors stopped after I followed the instructions in your original reply, but I would still get browser redirected to random sites (though very infrequently). I have not had any redirects as of the kill but I also have not been on a browser for very long.


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

I can now guess at the folders' name. The forum software censor must have changed the names to ****. Go ahead and delete both folders.

*Next*, Double click on *OTL.exe* 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following
*Do Not* copy the word *CODE*
please note the fix starts with the *:*


```
:Services
:OTL
O15 - HKCU\..Trusted Domains: classmates.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cybersexent.com ([blondesonlyhardcore] https in Trusted sites)
:Files
C:\WINDOWS\system32\appconf32.exe
ipconfig /flushdns /c
C:\WINDOWS\System32\drivers\izhij.sys
```
Then click the *Run Fix* button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:
*Link 1*
*Link 2*


*IMPORTANT !!! Save ComboFix.exe to your Desktop*

*Disable your AntiVirus and AntiSpyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. *Note*: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : *How to Disable your Security Programs*
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
 
*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on *Yes*, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*Notes:*
1. *Do not mouse-click Combofix's window while it is running. That may cause it to stall.*
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of *ALL* CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 
4. *CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.*

Please post back with

OTL fix log
combofix log
Thanks


----------



## DokiDoki (Oct 23, 2010)

Sure thing.

========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\classmates.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cybersexent.com\blondesonlyhardcore\ deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\appconf32.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Scotty\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Scotty\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\System32\drivers\izhij.sys moved successfully.

OTL by OldTimer - Version 3.2.17.0 log created on 10252010_040909

ComboFix 10-10-23.02 - Scotty 10/25/2010 4:36.7.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.613 [GMT -4:00]
Running from: c:\documents and settings\Scotty\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\Scotty\Local Settings\Application Data\Windows Server
c:\documents and settings\Scotty\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Scotty\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Scotty\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Scotty\Local Settings\Application Data\Windows Server\uses32.dat
c:\program files\INSTALL.LOG
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\mmx.dll
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lodupgd.jpg
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.
2010-10-24 20:59 . 2010-10-24 20:59 -------- d-----w- C:\_OTL
2010-10-13 04:47 . 2010-10-13 04:47 -------- d-----w- c:\windows\system32\5006
2010-10-01 07:42 . 2010-10-01 09:34 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-09-30 22:57 . 2010-10-01 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-10-01 20:20 3634024 ----a-w- c:\program files\AIM7\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-04 00:12 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-06 02:50 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Rebellion\\REBEXE.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\ds9\\ds9.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 2:21 AM 135336]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 pmodem;pmodem;\??\c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys --> c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys [?]
S3 qcrusoe;qcrusoe;\??\c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys --> c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/7/2006 8:53 PM 715248]
.
Contents of the 'Scheduled Tasks' folder
2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-10-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1039
FF - prefs.js: network.proxy.type - 0
FF - component: c:\windows\system32\5006\components\AcroFF.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 04:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864D8C76]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7621fc3
\Driver\ACPI -> ACPI.sys @ 0xf7494cb8
\Driver\atapi -> atapi.sys @ 0xf744c7b4
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf732bba0
PacketIndicateHandler -> NDIS.sys @ 0xf7338b21
SendHandler -> NDIS.sys @ 0xf731687b
user & kernel MBR OK 
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\è*}*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *5*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5344)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2010-10-25 04:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-25 08:58
ComboFix2.txt 2007-11-24 04:16
Pre-Run: 5,760,208,896 bytes free
Post-Run: 5,671,452,672 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - B54D61D0BEF5183B071502D583688D9F


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

*uTorrent*
Looks like uTorrent, a P2P/file sharing program, was installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it if it's still there.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm
I would recommend that you uninstall *uTorrent* if you haven't already done so, however that choice is up to you. If you choose to remove this program, you can do so via *Control Panel >> Add or Remove Programs.*
*Please do not use these types of programs until your computer is cleaned.*

Did you at one time have *ThreatFire* installed?

*Please follow all previous instructions regarding security programs. *

Open a new Notepad session 

Click the *Start* button, click *run*
in the run box type *notepad*
click *ok*
In the notepad, Click "Format" and be certain that Word Wrap is *not checked*.
Copy and paste *all* the text in the code box below into the Notepad. *Do Not* copy the word *CODE*


```
File::
c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys
FireFox:
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\
FF - prefs.js: network.proxy.http_port - 1039
Dirlook:
c:\windows\system32\5006
Driver::
qcrusoe
```
In the notepad 

Click *File*, *Save as*..., and set the *Save in* to your *Desktop*
In the *filename* box, type (including quotation marks) as the filename: *"CFScript.txt"*
Click *save*
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.
***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***

Download this *file* & extract *TDSSKiller.exe* onto your *Desktop*
Then create this batch file to be placed next to TDSSKiller

----

Open a new Notepad session 

Click the *Start* button, click *run*
in the run box type *notepad*
click *ok*
In the notepad, Click "Format" and be certain that Word Wrap is *not checked*.
Copy and paste *all* the text in the code box below into the Notepad. *Do Not* copy the word *CODE*



```
@ECHO OFF
REM Run TDSSKiller from this folder with a verbose log and wait for it to finish
START /WAIT TDSSKILLER.exe -l Logit.txt -v
REM Open the log it wrote
START Logit.txt
REM Remove this batch file once done
del %0
```
In the notepad 

Click *File*, *Save as*..., and set the *Save in* to your *Desktop*
In the *filename* box, type (including quotation marks) as the filename: *"fix.bat"*
Click *save*
It should look like this:

Double click on fix.bat & allow it to run
Post back with the *Logit.txt*.

Please post back with

combofix log
Logit.txt
How's the computer?

Thanks

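The CFScript above targets two indicators that stand out in the ComboFix log: a driver (qcrusoe) registered from the user's Temp folder, and a Firefox prefs.js entry pointing HTTP at a loopback proxy port. As an added example (not code from this thread, from ComboFix or from OTL), here is a small Python triage script that picks exactly those two indicators out of ComboFix-style log lines. The sample lines are copied from the log posted earlier in the thread; the regular expressions, function names and the "manual proxy" interpretation of `network.proxy.type` are my own.

```python
"""Triage helper for ComboFix-style log lines.

Added example, not ComboFix's, OTL's or the thread helper's own code. It
flags two findings that the CFScript in this thread acts on: kernel
drivers/services whose image path lies under a Temp directory, and Firefox
prefs.js entries that point HTTP traffic at a loopback proxy port.
"""
import re

# Constructed sample: service and Firefox pref lines in the shape ComboFix
# prints them, copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 2:21 AM 135336]
S3 pmodem;pmodem;\??\c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys --> c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys [?]
S3 qcrusoe;qcrusoe;\??\c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys --> c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/7/2006 8:53 PM 715248]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1039
FF - prefs.js: network.proxy.type - 0
"""

# "S3 name;display;path [date size]" or "... path --> resolved path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "FF - prefs.js: key - value" (user.js lines use the same shape)
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - (?P<value>.*)$")
# Any path component named Temp (also matches the 8.3 form LOCALS~1\Temp)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)$", re.IGNORECASE)


def parse_service(line):
    """Return {'start', 'name', 'path'} for a ComboFix service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    # The image path ends at the " --> " resolution or the trailing "[...]" field.
    path = re.split(r"\s+-->\s+|\s+\[", m.group("rest"), maxsplit=1)[0]
    if path.startswith("\\??\\"):  # NT object-manager prefix on raw image paths
        path = path[4:]
    return {"start": m.group("start"), "name": m.group("name"), "path": path}


def find_temp_drivers(lines):
    """Services/drivers whose image is loaded from a Temp directory."""
    hits = []
    for line in lines:
        svc = parse_service(line)
        if svc and TEMP_RE.search(svc["path"]):
            hits.append(svc)
    return hits


def find_local_proxy(lines):
    """Firefox HTTP proxy pointing at the loopback interface, or None."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = m.group("value").strip()
    host = prefs.get("network.proxy.http")
    if host is None or not LOOPBACK_RE.match(host):
        return None
    return {
        "host": host,
        "port": prefs.get("network.proxy.http_port"),
        # network.proxy.type 1 = manual proxy configuration; any other value
        # leaves the host/port prefs present but not in use (assumption noted
        # in the lead-in).
        "manual_proxy_enabled": prefs.get("network.proxy.type") == "1",
    }


def triage(log_text):
    """Run both checks over a whole log and return the findings."""
    lines = log_text.strip().splitlines()
    return {"temp_drivers": find_temp_drivers(lines),
            "local_proxy": find_local_proxy(lines)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc in result["temp_drivers"]:
        print(f"driver from Temp: {svc['start']} {svc['name']} -> {svc['path']}")
    if result["local_proxy"]:
        print("loopback proxy in prefs.js:", result["local_proxy"])
```

Run against the sample it reports both Temp-loaded drivers (pmodem and qcrusoe) and the 127.0.0.1:1039 proxy, while noting that with `network.proxy.type` at 0 the proxy prefs are stale rather than active, which is why clearing them is a cleanup step rather than an urgent one.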

----------



## DokiDoki (Oct 23, 2010)

When I double-click on fix.bat on the desktop I get the error message: Windows cannot find "Login.txt" along with a list of command line parameters.


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Ok, just double-click TDSSKiller.exe

Once completed it will create a log in your *C:\* drive called TDSSKiller_*** (*** denotes version & date)

You can post the combofix log now if you have it.

Thanks


----------



## DokiDoki (Oct 23, 2010)

Sorry for the delay.

ComboFix 10-10-24.06 - Scotty 10/25/2010 17:12:03.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.609 [GMT -4:00]
Running from: c:\documents and settings\Scotty\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scotty\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\Scotty\LOCALS~1\Temp\qcrusoe.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_qcrusoe

((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.

2010-10-24 20:59 . 2010-10-24 20:59	--------	d-----w-	C:\_OTL
2010-10-13 04:47 . 2010-10-13 04:47	--------	d-----w-	c:\windows\system32\5006
2010-10-01 07:42 . 2010-10-01 09:34	--------	d-----w-	c:\program files\Eusing Free Registry Cleaner
2010-09-30 22:57 . 2010-10-01 01:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\5006 ----

2010-10-13 04:47 . 2010-10-13 04:47	539	----a-w-	c:\windows\system32\5006\install.rdf
2010-10-13 04:47 . 2010-10-13 04:47	77	----a-w-	c:\windows\system32\5006\components\AcroFF.txt
2010-10-13 04:47 . 2010-10-13 04:47	195920	----a-w-	c:\windows\system32\5006\components\AcroFF.dll

------- Sigcheck -------

[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-04-16 . 6B930309A4A246D133A49EADE11E5773 . 3073024 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll
[-] 2010-04-16 . 9574D5B0C784DA0FD8F6A9BB37936A52 . 3073536 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
[-] 2010-04-16 . 149F37C9702F24A50741E56FBC7AE56B . 3073024 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[-] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
[-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
[-] 2006-01-31 . 568A97E2B959FDD99557AD953702FC8C . 3070464 . . [6.00.2900.2838] . . c:\windows\$NtUninstallKB912945$\mshtml.dll

[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-04-16 . B43B18FB0EB577856883E5A0708AB9EF . 667136 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll
[-] 2010-04-16 . C3052A99A24F462B418632A05328BB38 . 668672 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
[-] 2010-04-16 . 9CE5DEF97E55E52C23201098DB755280 . 668672 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
[-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-01-09 . D9E3F8440D208698B3F0E5CFAC26DAA1 . 658432 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB912945$\wininet.dll
[-] 2006-01-09 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-10-25_08.50.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-25 21:23 . 2010-10-25 21:23	16384 c:\windows\TEMP\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-10-01 20:20	3634024	----a-w-	c:\program files\AIM7\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-04 00:12	111936	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00	44032	-c--a-w-	c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-06 02:50	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45	313472	----a-r-	c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Rebellion\\REBEXE.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\ds9\\ds9.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 2:21 AM 135336]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 pmodem;pmodem;\??\c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys --> c:\docume~1\Scotty\LOCALS~1\Temp\pmodem.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/7/2006 8:53 PM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1039
FF - prefs.js: network.proxy.type - 0
FF - component: c:\windows\system32\5006\components\AcroFF.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864C5C76]<< 
1 ntkrnlpa!IofCallDriver[0x804EEECC] -> \Device\Harddisk0\DR0[0x86567AB8]
2 ntkrnlpa[0x804EEECC] -> CLASSPNP.SYS[0xF761E05B] -> \Device\Harddisk0\DR0[0x86567AB8]
3 CLASSPNP[0xF761E05B] -> ntkrnlpa!IofCallDriver[0x804EEECC] -> [0x86566D80]
\Driver\atapi[0x864C0B60] -> IRP_MJ_CREATE -> 0x864C5C76
4 ntkrnlpa[0x804EEECC] -> UNKNOWN[0x864C5C79] -> [0x86566D80]
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1032GSX_______________________AS022D__#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xf7621fc3
\Driver\ACPI -> ACPI.sys @ 0xf7494cb8
\Driver\atapi DriverStartIo -> 0x864C5ABF
\Driver\atapi -> atapi.sys @ 0xf744c7b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582368
SecurityProcedure -> ntkrnlpa.exe @ 0x80582a0a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582368
SecurityProcedure -> ntkrnlpa.exe @ 0x80582a0a
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf732bba0
PacketIndicateHandler -> NDIS.sys @ 0xf7338b21
SendHandler -> NDIS.sys @ 0xf731687b
user != kernel MBR !!! 
sectors 192426314 (+255): user != kernel

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\è*}*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *5*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(788)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2010-10-25 17:41:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-25 21:41
ComboFix2.txt 2010-10-25 08:58
ComboFix3.txt 2007-11-24 04:16

Pre-Run: 5,667,483,648 bytes free
Post-Run: 5,630,877,696 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 1C2EE6C01341309A8D78BFDDBCA7509B

2010/10/26 01:28:02.0312	TDSS rootkit removing tool 2.4.5.0 Oct 25 2010 09:49:04
2010/10/26 01:28:02.0312	================================================================================
2010/10/26 01:28:02.0312	SystemInfo:
2010/10/26 01:28:02.0312	
2010/10/26 01:28:02.0312	OS Version: 5.1.2600 ServicePack: 2.0
2010/10/26 01:28:02.0312	Product type: Workstation
2010/10/26 01:28:02.0312	ComputerName: HAL
2010/10/26 01:28:02.0312	UserName: Scotty
2010/10/26 01:28:02.0312	Windows directory: C:\WINDOWS
2010/10/26 01:28:02.0312	System windows directory: C:\WINDOWS
2010/10/26 01:28:02.0312	Processor architecture: Intel x86
2010/10/26 01:28:02.0312	Number of processors: 2
2010/10/26 01:28:02.0312	Page size: 0x1000
2010/10/26 01:28:02.0312	Boot type: Normal boot
2010/10/26 01:28:02.0312	================================================================================
2010/10/26 01:28:02.0828	Initialize success
2010/10/26 01:28:06.0140	================================================================================
2010/10/26 01:28:06.0140	Scan started
2010/10/26 01:28:06.0140	Mode: Manual; 
2010/10/26 01:28:06.0140	================================================================================
2010/10/26 01:28:08.0187	abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/10/26 01:28:08.0265	ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/26 01:28:08.0312	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/26 01:28:08.0421	adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/10/26 01:28:08.0484	aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/10/26 01:28:08.0531	AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/10/26 01:28:08.0640	AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/10/26 01:28:08.0687	agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/26 01:28:08.0734	agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/10/26 01:28:08.0781	Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/10/26 01:28:08.0843	aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/10/26 01:28:08.0953	aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/10/26 01:28:09.0015	AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/10/26 01:28:09.0062	alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/10/26 01:28:09.0125	amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/10/26 01:28:09.0171	amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/10/26 01:28:09.0250	APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/10/26 01:28:09.0312	Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/26 01:28:09.0359	asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/10/26 01:28:09.0421	asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/10/26 01:28:09.0468	asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/10/26 01:28:09.0578	AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/26 01:28:09.0625	atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/26 01:28:09.0734	Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/26 01:28:09.0781	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/26 01:28:09.0921	avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/26 01:28:10.0046	avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/10/26 01:28:10.0093	avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/10/26 01:28:10.0171	bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/10/26 01:28:10.0234	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/26 01:28:10.0343	cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/10/26 01:28:10.0375	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/26 01:28:10.0437	CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/26 01:28:10.0484	cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/10/26 01:28:10.0531	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/26 01:28:10.0593	Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/26 01:28:10.0640	Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/26 01:28:10.0703	cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/10/26 01:28:10.0828	CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/26 01:28:10.0859	CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/10/26 01:28:10.0906	Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/26 01:28:10.0984	Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/10/26 01:28:11.0046	dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/10/26 01:28:11.0156	dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/10/26 01:28:11.0218	Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/26 01:28:11.0312	dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/26 01:28:11.0421	dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/26 01:28:11.0500	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/26 01:28:11.0546	DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/26 01:28:11.0609	dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/10/26 01:28:11.0656	drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/26 01:28:11.0718	drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/10/26 01:28:11.0781	drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/10/26 01:28:11.0890	DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/10/26 01:28:11.0937	dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/10/26 01:28:12.0015	E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/10/26 01:28:12.0187	Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/26 01:28:12.0281	Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/26 01:28:12.0343	FilterService (bcef16e3aedd1b44bca45f748d975d73) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/10/26 01:28:12.0468	Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/26 01:28:12.0515	Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/26 01:28:12.0562	FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/26 01:28:12.0625	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/26 01:28:12.0687	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/26 01:28:12.0734	GearAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/26 01:28:12.0765	Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/26 01:28:12.0843	hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/26 01:28:12.0890	HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/26 01:28:12.0968	HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/26 01:28:13.0031	hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/10/26 01:28:13.0078	HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/26 01:28:13.0218	HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/26 01:28:13.0281	HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/26 01:28:13.0343	HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/10/26 01:28:13.0421	HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/10/26 01:28:13.0531	HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/26 01:28:13.0625	i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/26 01:28:13.0843	i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/10/26 01:28:13.0984	i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/26 01:28:14.0281	ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/26 01:28:14.0546	Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/26 01:28:14.0640	ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/10/26 01:28:14.0703	IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/26 01:28:14.0765	intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/26 01:28:14.0828	Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/26 01:28:14.0859	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/26 01:28:14.0906	IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/26 01:28:14.0953	IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/26 01:28:15.0000	IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/26 01:28:15.0062	IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/26 01:28:15.0125	isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/26 01:28:15.0171	Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/26 01:28:15.0234	kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/26 01:28:15.0296	KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/26 01:28:15.0546	LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2010/10/26 01:28:15.0890	LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2010/10/26 01:28:16.0109	lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2010/10/26 01:28:16.0203	LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/10/26 01:28:16.0296	LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/10/26 01:28:16.0546	LVUVC (eacd1eb2d82ed2adc753afeee1d4d660) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/10/26 01:28:16.0718	mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/26 01:28:16.0781	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/26 01:28:16.0859	Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/26 01:28:16.0906	Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/26 01:28:16.0968	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/26 01:28:17.0015	MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/26 01:28:17.0078	mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/10/26 01:28:17.0140	MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/26 01:28:17.0203	MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/26 01:28:17.0296	Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/26 01:28:17.0359	MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/26 01:28:17.0406	MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/26 01:28:17.0437	MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/26 01:28:17.0484	mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/26 01:28:17.0531	MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/26 01:28:17.0562	Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/26 01:28:17.0625	NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/26 01:28:17.0718	NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/26 01:28:17.0765	NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/26 01:28:17.0812	NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/26 01:28:17.0859	Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/26 01:28:17.0921	NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/26 01:28:17.0953	NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/26 01:28:18.0000	NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/26 01:28:18.0046	NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/26 01:28:18.0140	NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/26 01:28:18.0234	Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/26 01:28:18.0328	Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/26 01:28:18.0406	Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/26 01:28:18.0531	nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/26 01:28:18.0687	NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/26 01:28:18.0734	NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/26 01:28:18.0796	ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/26 01:28:18.0828	omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/10/26 01:28:18.0906	Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/26 01:28:18.0937	PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/26 01:28:18.0984	ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/26 01:28:19.0031	PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/26 01:28:19.0109	PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/26 01:28:19.0171	Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/26 01:28:19.0375	perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/10/26 01:28:19.0421	perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/10/26 01:28:19.0687	PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/26 01:28:19.0750	PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/26 01:28:19.0812	Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/26 01:28:19.0843	PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/26 01:28:19.0906	ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/10/26 01:28:19.0953	Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/10/26 01:28:20.0000	ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/10/26 01:28:20.0062	ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/10/26 01:28:20.0109	ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/10/26 01:28:20.0156	RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/26 01:28:20.0234	Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/26 01:28:20.0281	RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/26 01:28:20.0328	Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/26 01:28:20.0406	Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/26 01:28:20.0453	RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/26 01:28:20.0515	rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/26 01:28:20.0640	RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/26 01:28:20.0687	redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/26 01:28:20.0750	rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/10/26 01:28:20.0796	rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/10/26 01:28:20.0859	rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/10/26 01:28:20.0953	s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/10/26 01:28:21.0015	SbcpHid (aaf28ab6effd8990bfe20398e92f101e) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2010/10/26 01:28:21.0093	sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/10/26 01:28:21.0140	SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
2010/10/26 01:28:21.0171	Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/26 01:28:21.0250	serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/26 01:28:21.0546	Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/26 01:28:21.0640	sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/10/26 01:28:21.0671	sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/10/26 01:28:21.0750	Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/26 01:28:21.0875	sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/10/26 01:28:21.0921	SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/26 01:28:22.0062	Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/10/26 01:28:22.0109	splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/26 01:28:22.0218	sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\System32\Drivers\sptd.sys
2010/10/26 01:28:22.0265	sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/26 01:28:22.0343	Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/26 01:28:22.0390	sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/10/26 01:28:22.0453	ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/10/26 01:28:22.0515	ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/10/26 01:28:22.0625	STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/26 01:28:22.0718	streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/26 01:28:22.0765	swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/26 01:28:22.0812	swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/26 01:28:22.0937	symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/10/26 01:28:23.0000	symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/10/26 01:28:23.0046	sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/10/26 01:28:23.0109	sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/10/26 01:28:23.0171	SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/26 01:28:23.0234	sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/26 01:28:23.0343	Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/26 01:28:23.0468	TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/26 01:28:23.0500	TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/26 01:28:23.0546	TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/26 01:28:23.0734	tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/10/26 01:28:23.0828	tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/10/26 01:28:23.0859	tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/10/26 01:28:23.0890	tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
2010/10/26 01:28:23.0937	tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/10/26 01:28:23.0968	tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/10/26 01:28:24.0015	tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/10/26 01:28:24.0046	tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/10/26 01:28:24.0093	tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/10/26 01:28:24.0203	TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/10/26 01:28:24.0281	Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/26 01:28:24.0343	ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/10/26 01:28:24.0421	Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/26 01:28:24.0515	usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/26 01:28:24.0578	usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/26 01:28:24.0625	usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/26 01:28:24.0718	usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/26 01:28:24.0781	usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/26 01:28:24.0828	usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/26 01:28:24.0875	USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/26 01:28:24.0921	usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/26 01:28:24.0968	usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/26 01:28:25.0031	VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/10/26 01:28:25.0078	viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/10/26 01:28:25.0140	ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/26 01:28:25.0187	VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/26 01:28:25.0312	w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/10/26 01:28:25.0421	Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/26 01:28:25.0562	wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/26 01:28:25.0671	winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/10/26 01:28:25.0906	WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/26 01:28:25.0968	WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/26 01:28:26.0031	WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/26 01:28:26.0078	WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/26 01:28:26.0203	\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/26 01:28:26.0218	================================================================================
2010/10/26 01:28:26.0218	Scan finished
2010/10/26 01:28:26.0218	================================================================================
2010/10/26 01:28:26.0250	Detected object count: 1
2010/10/26 01:28:38.0906	\HardDisk0\MBR - will be cured after reboot
2010/10/26 01:28:38.0906	Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/26 01:28:53.0625	Deinitialize success

Vast improvement as far as I can tell. Error messages are all gone. Programs are stable. Browsing is back to normal.
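
An added example, not code from the thread and not part of TDSSKiller: a small Python parser that turns log lines laid out like the scan above into a driver inventory plus the detection, the action taken and the scanner's own object count, then cross-checks them. The line layout (timestamp, tab, body) is inferred from the posted log and is an assumption, not a documented format; the sample lines are copied from that log and are the only input this was checked against.

```python
"""Pull detections out of a TDSSKiller-style scan log.

Added example: not the thread's code and not part of TDSSKiller. The line
layout (timestamp, tab, body) is inferred from the log posted above and is
an assumption, not a documented format. SAMPLE_LINES are copied from that
log, which is the only input this was checked against.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

TS_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(.*\S)\s*$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")          # name (md5) path
DETECT = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")            # object - detected Threat (n)
ACTION = re.compile(r"^(\S+)\((.+)\) - User select action: (\w+)$")   # Threat(object) - User select action: X
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)      # service name -> (md5, path)
    detections: list = field(default_factory=list)   # (object, threat)
    actions: list = field(default_factory=list)      # (threat, object, action)
    declared_count: Optional[int] = None             # the scanner's own summary line
    unparsed: list = field(default_factory=list)     # timestamped lines we did not classify


def parse_tdsskiller_log(text):
    """Classify every timestamped line; anything unrecognised is kept in `unparsed`."""
    report = ScanReport()
    for raw in text.splitlines():
        m = TS_LINE.match(raw)
        if not m:
            continue                        # blank line or a line without a timestamp
        body = m.group(2)
        d = DRIVER.match(body)
        if d:
            name, md5, path = d.groups()
            report.drivers[name] = (md5.lower(), path)
            continue
        d = DETECT.match(body)
        if d:
            report.detections.append((d.group(1), d.group(2)))
            continue
        d = ACTION.match(body)
        if d:
            report.actions.append((d.group(1), d.group(2), d.group(3)))
            continue
        d = COUNT.match(body)
        if d:
            report.declared_count = int(d.group(1))
            continue
        report.unparsed.append(body)
    return report


def count_matches(report):
    """True when the scanner's summary count agrees with the detection lines we saw."""
    return report.declared_count == len(report.detections)


def unresolved(report):
    """Detections that have no user action (Cure, Skip, ...) recorded against them."""
    acted_on = {obj for _threat, obj, _action in report.actions}
    return [(obj, threat) for obj, threat in report.detections if obj not in acted_on]


def drivers_outside(report, root="c:\\windows\\"):
    """Driver images loaded from somewhere other than the Windows directory."""
    return sorted(name for name, (_md5, path) in report.drivers.items()
                  if not path.lower().startswith(root))


# Constructed sample: lines copied from the log in the post above, joined with a tab.
SAMPLE_LINES = [
    ("2010/10/26 01:28:19.0031", r"PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys"),
    ("2010/10/26 01:28:22.0218", r"sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\WINDOWS\System32\Drivers\sptd.sys"),
    ("2010/10/26 01:28:23.0343", r"Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys"),
    ("2010/10/26 01:28:26.0203", r"\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)"),
    ("2010/10/26 01:28:26.0218", "=" * 80),
    ("2010/10/26 01:28:26.0218", "Scan finished"),
    ("2010/10/26 01:28:26.0250", "Detected object count: 1"),
    ("2010/10/26 01:28:38.0906", r"\HardDisk0\MBR - will be cured after reboot"),
    ("2010/10/26 01:28:38.0906", r"Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure"),
    ("2010/10/26 01:28:53.0625", "Deinitialize success"),
]
SAMPLE_LOG = "\n".join(ts + "\t" + body for ts, body in SAMPLE_LINES)

if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    print("drivers:", len(r.drivers), "detections:", r.detections)
    print("summary count consistent:", count_matches(r))
    print("unresolved:", unresolved(r), "outside windows dir:", drivers_outside(r))
```

Run it against a full log rather than the excerpt and `unresolved()` is the line to look at: a detection with no action recorded means the cure was never confirmed, and `drivers_outside()` is a cheap first pass over the inventory before checking individual hashes.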


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Looks better.

*Please follow all previous instructions regarding security programs.*

Open a new Notepad session 

Click the *Start *button, click *run*
in the run box type *notepad*
click *ok*
In the notepad, Click "Format" and be certain that Word Wrap is *not checked*.
Copy and paste *all* the text in the code box below into the Notepad. *Do Not* copy the word *CODE*



```
Folder::
c:\windows\system32\5006
 
FireFox::
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\
FF - prefs.js: network.proxy.http_port - 1039
FF - component: c:\windows\system32\5006\components\AcroFF.dll
 
Registry::
[HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions]
"{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}"=- 
 
Driver::
pmodem
TfFsMon
TfSysMon
TfNetMon
```
In the notepad 

Click *File*, *Save as*..., and set the *Save in* to your *Desktop*
In the *filename* box, type (including quotation marks) as the filename: *"CFScript.txt"*
Click *save*
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

***Note: Do not mouseclick combofix's window while it's running. That may cause it to stall***


*Next*

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press *N* then press *Enter* twice.
If nothing unusual is found just press *Enter*
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Please post back with

combofix log
MBRCheck log
Thanks
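
An added example, not the thread's code and not how MBRCheck itself is implemented, showing the kind of check that produces an "unknown bootcode" verdict: read the first sector, confirm the 0x55AA signature, parse the partition table, hash the boot-code region and look the hash up in a baseline. The baseline here is keyed on a constructed sample sector, so it recognises only that sample; `read_mbr` and the `\\.\PhysicalDrive0` device path are assumptions about where a real sector would come from. The second sector in the run models a bootkit that replaces the boot code but keeps the partition table and signature, which is why such a disk still boots normally and why the partition table alone is not enough to notice it.

```python
r"""Inspect a 512-byte MBR: boot signature, partition table, and whether the
boot code matches a known hash.

Added example, not the thread's code and not MBRCheck's source. The hash
baseline below is computed from a constructed sample sector, so it only
recognises that sample; a real baseline would hold hashes of the genuine
boot code shipped with each Windows release.
"""
import hashlib
import struct

BOOT_CODE_LEN = 440        # bytes 0..439: boot code; 440..445: disk signature + padding
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partition_entry(raw):
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(sector, known_bootcode):
    """Return the boot-code label, the populated partition entries and a list of findings."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    label = known_bootcode.get(digest)
    if label is None:
        findings.append("unknown boot code, sha256 " + digest)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0:              # type 0 marks an unused slot
            partitions.append(entry)
    if sum(1 for p in partitions if p["bootable"]) > 1:
        findings.append("more than one partition flagged active")
    return {"bootcode": label or "UNKNOWN", "partitions": partitions, "findings": findings}


def read_mbr(device_path):
    r"""Read the first sector of a raw device, e.g. r'\\.\PhysicalDrive0' (needs admin rights)."""
    with open(device_path, "rb") as f:
        return f.read(512)


# --- constructed sample data -------------------------------------------------
# A few plausible opening bytes stand in for real boot code; the rest is zero padding.
SAMPLE_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8"


def build_sample_mbr(bootcode):
    """One active NTFS-type (0x07) partition starting at LBA 63, three empty slots."""
    body = bootcode.ljust(BOOT_CODE_LEN, b"\x00")
    body += b"\x12\x34\x56\x78" + b"\x00\x00"             # disk signature + 2 reserved bytes
    body += struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 156296322)
    body += b"\x00" * (PART_ENTRY_LEN * 3)
    return body + BOOT_SIGNATURE


CLEAN_MBR = build_sample_mbr(SAMPLE_BOOTCODE)
# Placeholder baseline keyed on the constructed sample only (assumption, not real Windows hashes).
KNOWN_BOOTCODE = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest(): "sample boot code (constructed)"}


def overwrite_bootcode(sector):
    """Model the bootkit pattern: replace the boot code but keep the partition table and
    signature so the disk still boots. The bytes are arbitrary filler, not real malware."""
    return (b"\xeb\xfe" + b"\x90" * (BOOT_CODE_LEN - 2)) + sector[BOOT_CODE_LEN:]


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("overwritten", overwrite_bootcode(CLEAN_MBR))):
        result = inspect_mbr(sector, KNOWN_BOOTCODE)
        print(name, result["bootcode"], result["partitions"], result["findings"])
```

Hashing only the first 440 bytes is deliberate: the disk signature and partition table legitimately differ from machine to machine, so including them would make every disk "unknown". A verdict of UNKNOWN is a prompt to look further, not proof of infection, since OEM and boot-manager MBRs will also miss a small baseline.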


----------



## DokiDoki (Oct 23, 2010)

ComboFix 10-10-26.04 - Scotty 10/27/2010 15:59:01.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.505 [GMT -4:00]
Running from: c:\documents and settings\Scotty\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scotty\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\5006
c:\windows\system32\5006\components\AcroFF.dll
c:\windows\system32\5006\components\AcroFF.txt
c:\windows\system32\5006\install.rdf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_pmodem
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon

((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-24 20:59 . 2010-10-24 20:59	--------	d-----w-	C:\_OTL
2010-10-01 07:42 . 2010-10-01 09:34	--------	d-----w-	c:\program files\Eusing Free Registry Cleaner
2010-09-30 22:57 . 2010-10-01 01:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-04 . F247F7AC6713066D4C71721BDC73FC2E . 3600384 . . [7.00.6000.17063] . . c:\windows\SoftwareDistribution\Download\da350b0b03b15d30eb758fde8c0df67a\sp3gdr\mshtml.dll
[-] 2010-05-04 . C466BDCDFAE6F6EFD618F34BA90B1923 . 3603456 . . [7.00.6000.21264] . . c:\windows\SoftwareDistribution\Download\da350b0b03b15d30eb758fde8c0df67a\sp3qfe\mshtml.dll
[-] 2010-04-16 . 6B930309A4A246D133A49EADE11E5773 . 3073024 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\mshtml.dll
[-] 2010-04-16 . 9574D5B0C784DA0FD8F6A9BB37936A52 . 3073536 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\mshtml.dll
[-] 2010-04-16 . 149F37C9702F24A50741E56FBC7AE56B . 3073024 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-22 . CDA69BC1C23B0EA033B989F67CB722FF . 5939712 . . [8.00.6001.18852] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2009-10-22 . A6CF28C6E0B6D10098AB601D85EE55E8 . 5943296 . . [8.00.6001.22942] . . c:\windows\$hf_mig$\KB976749-IE8\SP3QFE\mshtml.dll
[-] 2009-08-29 . 0E49677EE57A928765FC47FFBACD5326 . 5940224 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976749-IE8\mshtml.dll
[-] 2009-08-29 . B68F6E6C66D17D9EDABF3D5DA71046DA . 5942272 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\mshtml.dll
[-] 2009-07-19 . 5A32B43A48D6DCA339BF24105D9A028F . 5937152 . . [8.00.6001.18812] . . c:\windows\ie8updates\KB974455-IE8\mshtml.dll
[-] 2009-07-19 . F25D866DD486AD30E05E5596CB363C3E . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll
[-] 2009-05-13 . EEAADAA744B20E68CF5EB4FBB4F8AFA9 . 5936128 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
[-] 2009-05-13 . 1290E417BF806185CC7B2845E78A104E . 5936128 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\mshtml.dll
[-] 2009-04-29 . 2B4315EC9E3124408A2A5074C4B97700 . 3596288 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-04-29 . C6FD770D518FB024245A0EE217D72BC1 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll
[-] 2009-02-21 . 1BB754AB47B327DE8DBF2FA18C36357C . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . C7C3E41CC2F6EB4A629FE2184136C098 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-17 . 3B413267DA8AE71C20E5EF3E54F74728 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CC9D001B7370B292C35B366CA05B12B4 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . 121EC39A64D64205A88C2C45B034B455 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . C79FAD61CD4A26ED5AA8C16D991C6FBD . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . EACAEDEF6FA2A969DE5B36190D45396F . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . B74F31A4BD83797D7A083F922169287D . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 1AD035E04A7068EC2820B055A3131ED8 . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 25CC085720EE3617FD1F8AB9E2F7CAB2 . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . EC936148284F557F19C333178768109B . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . 28B8231CA8D55FC85E027A57C90F5C88 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-24 . 8976CAB317105F7431B08EA32AB73C65 . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . 4D612FF5D3B7EEF200595AE6F95D5E68 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2008-03-01 . AB2C88167D78D71D93558ACECB24CC7A . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[7] 2008-03-01 . 4EE273E2B09317C1217EF0DB91F93534 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2007-12-08 . A097C36412455F0C7E42377FAF8809B7 . 3592192 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[7] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[7] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[7] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[7] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[7] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[7] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[7] 2006-10-23 . 88E1C15BB1A9ED3CBA4D6F2F408D5010 . 3061248 . . [6.00.2900.3020] . . c:\windows\ie7\mshtml.dll
[7] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[7] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB918899$\mshtml.dll
[7] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
[7] 2006-01-31 . 568A97E2B959FDD99557AD953702FC8C . 3070464 . . [6.00.2900.2838] . . c:\windows\$NtUninstallKB912945$\mshtml.dll

[-] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-04 . 83306356DE710DA87ED91A6AF6233214 . 832512 . . [7.00.6000.17055] . . c:\windows\SoftwareDistribution\Download\da350b0b03b15d30eb758fde8c0df67a\sp3gdr\wininet.dll
[-] 2010-05-04 . 506B3DCB9C26070072E3047C6910F844 . 841216 . . [7.00.6000.21256] . . c:\windows\SoftwareDistribution\Download\da350b0b03b15d30eb758fde8c0df67a\sp3qfe\wininet.dll
[-] 2010-04-16 . B43B18FB0EB577856883E5A0708AB9EF . 667136 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3GDR\wininet.dll
[-] 2010-04-16 . C3052A99A24F462B418632A05328BB38 . 668672 . . [6.00.2900.5969] . . c:\windows\$hf_mig$\KB982381\SP3QFE\wininet.dll
[-] 2010-04-16 . 9CE5DEF97E55E52C23201098DB755280 . 668672 . . [6.00.2900.3698] . . c:\windows\$hf_mig$\KB982381\SP2QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-08-29 . CF0A5FE05BF614C24950D8FAEC1BC309 . 916480 . . [8.00.6001.18828] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2009-08-29 . 972B226BDAD71C55F3CC9A72BBF8F1C1 . 916480 . . [8.00.6001.22918] . . c:\windows\$hf_mig$\KB974455-IE8\SP3QFE\wininet.dll
[-] 2009-07-03 . 7E8A47A2E6561274B83E257CE74803FD . 915456 . . [8.00.6001.18806] . . c:\windows\ie8updates\KB974455-IE8\wininet.dll
[-] 2009-07-03 . 38114DAB42FB2EB84D1726C42B8D80C5 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll
[-] 2009-05-13 . 366C72AF6970DB7BB39AB0142BF09DB5 . 915456 . . [8.00.6001.18783] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[-] 2009-05-13 . C0EB6850C8A02A154281749DC61FAF22 . 915456 . . [8.00.6001.22873] . . c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\wininet.dll
[-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll
[-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[7] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll
[7] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll
[7] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll
[7] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll
[7] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll
[7] 2006-10-23 . 231EF4179ACABE486376B5CA893F1076 . 664576 . . [6.00.2900.3020] . . c:\windows\ie7\wininet.dll
[7] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll
[7] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[7] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-01-09 . D9E3F8440D208698B3F0E5CFAC26DAA1 . 658432 . . [6.00.2900.2823] . . c:\windows\$NtUninstallKB912945$\wininet.dll
[7] 2006-01-09 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-10-01 20:20	3634024	----a-w-	c:\program files\AIM7\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-04 00:12	111936	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 10:00	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00	44032	-c--a-w-	c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12	1695232	------w-	c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 20:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-06 02:50	185896	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45	313472	----a-r-	c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Rebellion\\REBEXE.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\ds9\\ds9.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Maple 12\\jre\\bin\\maple.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2010 2:21 AM 135336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/7/2006 8:53 PM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-19 04:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} - hxxp://www.streamerp2p.com/sfiles/phasex.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 16:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\è*}*0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ *5*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7012)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-10-27 16:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-27 20:16
ComboFix2.txt 2010-10-25 21:41
ComboFix3.txt 2010-10-25 08:58
ComboFix4.txt 2007-11-24 04:16

Pre-Run: 5,186,904,064 bytes free
Post-Run: 5,171,757,056 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 26716BAE21101CACECA612748BBE00DD

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line: 
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF748E000 ACPI.sys
0xF7ABF000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747D000 pci.sys
0xF75BD000 isapnp.sys
0xF75CD000 ohci1394.sys
0xF75DD000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75ED000 MountMgr.sys
0xF745E000 ftdisk.sys
0xF7845000 PartMgr.sys
0xF75FD000 VolSnap.sys
0xF7446000 atapi.sys
0xF784D000 cercsr6.sys
0xF742E000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF760D000 disk.sys
0xF761D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF740F000 fltmgr.sys
0xF73FD000 sr.sys
0xF73E7000 drvmcdb.sys
0xF762D000 PxHelp20.sys
0xF73D0000 KSecDD.sys
0xF7343000 Ntfs.sys
0xF7316000 NDIS.sys
0xF72FB000 Mup.sys
0xF771D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7AB5000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF6189000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6175000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF614D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5FF0000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF7985000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5FCD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF798D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5FBC000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7995000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF772D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF5F70000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF773D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF5F41000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF799D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79A5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF774D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7AF9000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF775D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF776D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5F1E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7C51000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF72CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5EBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77ED000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF79B5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5EAD000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77FD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF79BD000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79C5000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF785D000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xF780D000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5E68000 \SystemRoot\system32\DRIVERS\update.sys
0xF72BF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7875000 \SystemRoot\system32\DRIVERS\omci.sys
0xF781D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA6B0000 \SystemRoot\system32\drivers\sthda.sys
0xAA68C000 \SystemRoot\system32\drivers\portcls.sys
0xF6762000 \SystemRoot\system32\drivers\drmk.sys
0xAA65A000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA55D000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA4AD000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF787D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6752000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B07000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CBC000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B0B000 \SystemRoot\System32\Drivers\Beep.SYS
0xF789D000 \SystemRoot\system32\drivers\ssrtln.sys
0xF78A5000 \SystemRoot\System32\drivers\vga.sys
0xF7B0D000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B0F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78B5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78BD000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A6D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA410000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA3B8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA390000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA36F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7A81000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA34D000 \SystemRoot\System32\drivers\afd.sys
0xF6742000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6732000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA321000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA27E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6712000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA223000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7B13000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF7A99000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF764D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA1E3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B1D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF790D000 \SystemRoot\System32\watchdog.sys
0xAA48D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C90000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAA08E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF779D000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7CC7000 \SystemRoot\system32\dla\tfsndres.sys
0xAA078000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA117000 \SystemRoot\system32\dla\tfsnopio.sys
0xF7B25000 \SystemRoot\system32\dla\tfsnpool.sys
0xF7925000 \SystemRoot\system32\dla\tfsnboio.sys
0xF77AD000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7CC6000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA05F000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA01E000 \SystemRoot\system32\dla\tfsnudfa.sys
0xF7935000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA0BF000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA04B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9C31000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B7F000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA9AC6000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9C09000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9B71000 \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys
0xA96F1000 \SystemRoot\system32\drivers\wdmaud.sys
0xA97F6000 \SystemRoot\system32\drivers\sysaudio.sys
0xF78CD000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xF793D000 \??\C:\DOCUME~1\Scotty\LOCALS~1\Temp\mbr.sys
0xA90BB000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9354000 \??\C:\ComboFix\catchme.sys
0xF7B5B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA8ABC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
628 C:\WINDOWS\system32\smss.exe
676 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
964 C:\WINDOWS\system32\svchost.exe
1032 svchost.exe
1176 C:\WINDOWS\system32\svchost.exe
1232 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1264 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1292 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1344 svchost.exe
1488 svchost.exe
1812 C:\WINDOWS\system32\spoolsv.exe
1860 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1148 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1164 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1204 C:\Program Files\Bonjour\mDNSResponder.exe
1476 C:\Program Files\Java\jre6\bin\jqs.exe
1636 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
540 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
836 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
992 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1068 C:\WINDOWS\system32\HPZipm12.exe
1088 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1696 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1736 C:\WINDOWS\system32\svchost.exe
1932 C:\WINDOWS\system32\MsPMSPSv.exe
2380 wmiprvse.exe
3424 alg.exe
3604 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
3744 C:\WINDOWS\system32\wscntfy.exe
536 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
572 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
592 C:\Program Files\Dell\QuickSet\quickset.exe
3572 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
648 C:\Program Files\Dell\Media Experience\PCMService.exe
3664 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2336 C:\WINDOWS\system32\dla\tfswctrl.exe
3140 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
3092 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2076 C:\WINDOWS\system32\hkcmd.exe
2204 C:\WINDOWS\stsystra.exe
2288 C:\Program Files\AIM7\aim.exe
3452 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
1404 C:\WINDOWS\system32\ctfmon.exe
3172 C:\WINDOWS\system32\wuauclt.exe
7012 C:\WINDOWS\explorer.exe
4148 C:\Program Files\Safari\Safari.exe
4300 C:\Documents and Settings\Scotty\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`af301000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS022D

Size Device Name MBR Status
--------------------------------------------
91 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 86489E3B39BA71CCD7428B67894DE6732DFFF0C8

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Looks better all the time.

Double click on *MBRCheck.exe* to run it.

Type in *Y* and press *Enter* when asked if you wish to see more options.
Type in *1* to "Dump the MBR of a physical disk to file" and press *Enter*.
Type in *0* to select your disk and press *Enter*.
Type in *dump.txt* as the file name and press *Enter*.
Type in *-1* to exit and press *Enter*.
Please *attach* dump.txt to your next reply for me.

You have this program installed, *Malwarebytes' Anti-Malware* (MBAM). Please update it and run a scan.
Open *MBAM*

Click the *Update* tab
Click *Check for Updates*
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

Please post back with

dump.txt (it must be attached)
MBAM log
Any problems?

Thanks
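The step above asks for a raw dump of sector 0 so the helper can inspect it, because MBRCheck had reported "Unknown MBR code" with a SHA1 of the boot sector. The following Python script is an added example, not part of this thread and not MBRCheck's own code: it parses a 512-byte MBR (boot code, disk signature, four partition entries, 0x55AA signature), hashes the 440 bytes of boot code the way MBRCheck does, and compares the hash against an allow-list of known-good boot code. The allow-list and both sample sectors are constructed here for illustration (the "good" sample only borrows the first 16 bytes of the Windows XP MBR prologue and pads with zeros, so its hash is not a real reference hash); the partition LBAs are derived from the C: and D: byte offsets MBRCheck printed earlier in the thread, and the partition sizes are assumptions.

```python
"""Parse and fingerprint a 512-byte MBR the way MBRCheck does.

Added example for the thread; not MBRCheck's code. The KNOWN_GOOD
allow-list and the sample sectors are constructed for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 are executable boot code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA, sectors
BOOT_SIG = b"\x55\xaa"

# Constructed: first 16 bytes mimic the Windows XP MBR prologue
# (xor ax,ax / mov ss,ax / mov sp,7C00h / sti / ...), rest is zero padding.
XP_PROLOGUE = bytes.fromhex("33C08ED0BC007CFB50075 01FFCBE1B7C".replace(" ", ""))
GOOD_BOOT_CODE = XP_PROLOGUE + b"\x00" * (BOOT_CODE_LEN - len(XP_PROLOGUE))
# Constructed "bootkit-style" variant: the entry point is replaced by a short jump
# to code living inside the padding, everything else is untouched.
TAMPERED_BOOT_CODE = b"\xeb\x3e" + GOOD_BOOT_CODE[2:]

# Constructed allow-list: SHA1(boot code) -> human-readable label.
KNOWN_GOOD = {
    hashlib.sha1(GOOD_BOOT_CODE).hexdigest().upper(): "Windows XP MBR (constructed reference)",
}

# Partition layout taken from the MBRCheck output in the thread:
# C: at byte offset 0x02F10C00 -> LBA 96390, D: at 0x10AF301000 -> LBA 139958280.
# Sector counts are assumptions sized to match the 66.68 GiB / 21.76 GiB volumes.
SAMPLE_PARTS = [
    (True, 0x07, 96_390, 139_861_890),        # bootable NTFS, C:
    (False, 0x07, 139_958_280, 45_634_000),   # NTFS, D:
]


def build_sample_mbr(boot_code: bytes, parts) -> bytes:
    """Assemble a synthetic 512-byte MBR from boot code and (bootable, type, lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(parts) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)   # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(parts):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * 16)
        if ptype == 0:
            continue                         # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,     # the "at offset" value MBRCheck prints
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify_boot_code(info: dict, known_good=KNOWN_GOOD) -> str:
    """Label the boot code if its hash is allow-listed, else flag it as unknown."""
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a raw device (e.g. r'\\\\.\\PhysicalDrive0', needs admin) or a disk image."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    for label, code in (("good", GOOD_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        info = parse_mbr(build_sample_mbr(code, SAMPLE_PARTS))
        print(f"{label}: SHA1 {info['boot_code_sha1']} -> {classify_boot_code(info)}")
        for p in info["partitions"]:
            print(f"  part {p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:010X}"
                  f" ({p['sectors'] * SECTOR / 2**30:.2f} GiB){' [boot]' if p['bootable'] else ''}")
```

An "Unknown MBR code" verdict from this kind of check only means the boot code hash is not in the allow-list; a vendor-customised MBR will trigger it just as a bootkit will, which is why the helper asks for the actual dump rather than acting on the hash alone.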


----------



## DokiDoki (Oct 23, 2010)

I ran the Malwarebytes' scan. It found one bad file and four bad registry keys. After I "Removed Selected" it said all were successfully removed and asked for a reboot. But upon restarting the log was not saved.

Here is what was found to be malicious:

C:\WINDOWS\saverfx.dll (Trojan.Hiloti)
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker)
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert)
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert)
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker)

All are currently sitting in quarantine.


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Was a log saved within MBAM? Open MBAM and click on the Logs tab. Locate the one with a timestamp close to when you ran the scan, click on it and click Open.

You have some very old, vulnerable Java installed. Go to Start > Control Panel > Add/Remove Programs and uninstall

*J2SE Runtime Environment 5.0 Update 5*
*Java(TM) 6 Update 3*
*Java(TM) 6 Update 5*
*Java(TM) 6 Update 7*

*Do not* uninstall *Java(TM) 6 Update 18*

Click your Start button and open Control Panel.

Locate the *Java* icon (it looks like a coffee cup)
Double click it to open it
Click the *Update* tab
Click *Update Now*
*Next*, clear the Java cache

To clear the Java Plug-in cache:

Click Start > Control Panel.
Double-click the Java icon in the control panel.
On the General tab, Click *Settings* under Temporary Internet Files.
On the Temporary Files Settings screen, Click *Delete Files*.
check all boxes
Click *OK*

*Note*
*It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.*
*Please don't go surfing while your resident protection is disabled!*
*Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.*

Please go to *Kaspersky* website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions.
You will be prompted to install an application from Kaspersky. Click* Run.*
When the downloads have finished, click on *Settings*.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As*....
Change the *Files of type* to *Text file (.txt)*
Set the Save In to *Desktop*
click the Save button.
Please post this log in your next reply.

After the scan please obtain a new OTL log.

Double click on *OTL.exe* to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*
*UNCheck* the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a Notepad window, *OTL.Txt*.

Please post back with

Kaspersky log
OTL.txt
Thanks


----------



## DokiDoki (Oct 23, 2010)

Unfortunately, no MBAM log was saved. The most recent log in the tab was of a scan I ran back in September.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 30, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 29, 2010 21:35:38
Records in database: 4193157
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 111858
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 04:44:12

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallMTF1011$\mmx.dll.vir	Infected: Trojan.Win32.BHO.ajvw	1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP19\A0016237.exe	Infected: Trojan-Banker.Win32.MultiBanker.zr	1
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020104.backup	Infected: Trojan.Win32.Qhost.mg	1
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020105.backup	Infected: Trojan.Win32.Qhost.mg	1
C:\_OTL\MovedFiles\10242010_165902\C_Documents and Settings\Scotty\Local Settings\Temp\naewcmrxos.tmp	Infected: Trojan.Win32.FraudPack.bkza	1
C:\_OTL\MovedFiles\10252010_040909\C_WINDOWS\system32\drivers\izhij.sys	Infected: Rootkit.Win32.Bubnix.arr	1

Selected area has been scanned.

OTL logfile created on: 10/31/2010 3:54:25 AM - Run 2
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Scotty\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 499.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 4.09 Gb Free Space | 6.14% Space Free | Partition Type: NTFS
Drive D: | 21.76 Gb Total Space | 21.69 Gb Free Space | 99.66% Space Free | Partition Type: NTFS

Computer Name: HAL | User Name: Scotty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Scotty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\AIM7\aim.exe (AOL LLC)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\savedump.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Scotty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 00:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 22:57:24 | 000,000,000 | ---D | M]

[2010/05/09 02:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Extensions
[2010/09/20 00:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions
[2010/05/09 02:08:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/20 00:18:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/09 02:08:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Scotty\Application Data\Mozilla\Firefox\Profiles\dx0jryt7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/29 22:57:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 22:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/27 16:07:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1254648470232 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} http://www.streamerp2p.com/sfiles/phasex.cab (PhaseCaster Widget)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Scotty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Scotty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/29 22:57:24 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/29 22:57:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/29 22:57:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/29 22:57:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 00:18:23 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/10/27 00:14:42 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/10/27 00:14:06 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/10/27 00:14:05 | 002,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/10/27 00:14:03 | 002,021,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/10/27 00:14:02 | 002,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/10/25 18:51:28 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scotty\Desktop\TDSSKiller.exe
[2010/10/25 04:27:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/25 04:18:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/25 04:18:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/25 04:18:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/25 04:17:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/24 16:59:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/23 17:19:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scotty\Desktop\OTL.exe
[2010/10/23 17:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scotty\My Documents\backups
[2010/10/22 22:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/10/22 21:50:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Scotty\My Documents\HijackThis.exe
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/31 03:51:50 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/31 03:51:45 | 000,445,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 03:51:45 | 000,073,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/31 03:51:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/31 03:50:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/31 03:49:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/31 03:49:56 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/30 04:25:31 | 001,261,568 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2010/10/29 23:02:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/28 03:51:58 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/27 16:07:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/27 15:55:01 | 003,887,312 | R--- | M] () -- C:\Documents and Settings\Scotty\Desktop\ComboFix.exe
[2010/10/27 15:50:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/25 22:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/25 09:50:38 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scotty\Desktop\TDSSKiller.exe
[2010/10/25 04:28:53 | 001,207,508 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\tdsskiller.zip
[2010/10/25 04:27:41 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/10/24 16:32:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Scotty\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/23 17:13:10 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Scotty\defogger_reenable
[2010/10/23 10:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scotty\Desktop\OTL.exe
[2010/10/22 22:37:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Scotty\My Documents\733s5ne4.exe
[2010/10/22 21:51:07 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Scotty\Desktop\Shortcut to HijackThis.lnk
[2010/10/16 04:11:02 | 1063,743,488 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/10/04 17:06:21 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/10/02 01:20:51 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Scotty\My Documents\*.tmp files -> C:\Documents and Settings\Scotty\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 16:26:18 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\MBRCheck.exe
[2010/10/25 18:50:40 | 001,207,508 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\tdsskiller.zip
[2010/10/25 04:27:40 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/10/25 04:27:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/25 04:18:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/25 04:18:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/25 04:18:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/25 04:18:12 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/25 04:18:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/25 04:12:19 | 003,887,312 | R--- | C] () -- C:\Documents and Settings\Scotty\Desktop\ComboFix.exe
[2010/10/23 17:18:23 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\mbr.exe
[2010/10/23 17:12:43 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Scotty\defogger_reenable
[2010/10/23 17:11:44 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\Defogger.exe
[2010/10/22 22:37:39 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\733s5ne4.exe
[2010/10/22 21:53:12 | 000,361,369 | ---- | C] () -- C:\Documents and Settings\Scotty\My Documents\dds.com
[2010/10/22 21:51:07 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Scotty\Desktop\Shortcut to HijackThis.lnk
[2010/09/13 00:58:32 | 000,155,648 | RHS- | C] () -- C:\WINDOWS\System32\nlhtml7.dll
[2010/02/09 22:35:59 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2010/02/09 22:35:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2010/02/09 22:35:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2009/04/18 18:55:44 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PFP120JPR.{PB
[2009/04/18 18:55:44 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PFP120JCM.{PB
[2009/04/08 00:35:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\PUTTY.RND
[2008/12/26 02:59:21 | 000,059,500 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/19 06:00:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/15 19:41:26 | 000,006,936 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\PrimoPDFSet.xml
[2008/11/21 02:20:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/17 02:55:48 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Scotty\Application Data\WavCodec.wff
[2007/11/23 17:17:31 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/11/22 00:10:56 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/14 03:41:18 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/10/25 11:26:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/15 20:19:56 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007/10/15 02:53:24 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/10/15 02:25:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/28 12:05:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/24 03:21:39 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/30 22:21:44 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/03/30 18:30:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2007/03/29 00:17:10 | 000,020,102 | ---- | C] () -- C:\Program Files\Readme.txt
[2007/03/29 00:17:10 | 000,010,960 | ---- | C] () -- C:\Program Files\EULA.txt
[2007/03/27 03:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/22 01:22:00 | 000,001,390 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/08 17:22:50 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Worldbuilder.INI
[2006/11/21 14:27:23 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/07 13:31:11 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/02 10:30:53 | 000,007,760 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2006/08/26 17:13:23 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/08/26 17:06:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/08/26 16:54:49 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/19 00:50:17 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\Scotty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 00:06:51 | 000,003,662 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/19 00:06:51 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2B794A0AE8.sys
[2006/08/18 22:44:20 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/18 19:35:45 | 000,000,271 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/18 19:35:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/07/08 14:29:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/08 14:15:50 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/07/08 14:12:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/07/08 14:04:18 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/07/08 13:38:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/07/08 13:36:44 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 11:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/10/25 17:29:34 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >
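The OTL report above is read by hand in this thread, and the helper's eye goes to a few recurring signals: entries whose target file is missing or whose registry key is broken (`File not found`, `Reg Error`, `No CLSID value found`), loaded drivers and binaries with no publisher name in the trailing parentheses, HOSTS lines other than the loopback entry, and O35/O37 lines where the shell open command for .exe/.com files is no longer the stock `"%1" %*`. The script below is an added example, not part of the thread and not OTL's own code, that applies exactly those checks to lines in OTL's format. The sample lines are constructed in that format (several copied from the report above; the altered O37 line and the extra HOSTS line are invented to exercise the checks):

```python
import re
from typing import List, Tuple

# Added example (not from the thread or from OTL): flag OTL log entries that
# a helper would look at twice. Sample lines are constructed in OTL's format.

BROKEN_MARKERS = ("File not found", "Reg Error", "No CLSID value found")
DEFAULT_OPEN_CMD = '"%1" %*'   # stock shell\open\command for exefile/comfile

DRV_RE = re.compile(
    r'^DRV - \((?P<name>[^)]+)\)(?P<desc>.*?) -- (?P<path>.+?) \((?P<company>[^()]*)\)$')
OLINE_RE = re.compile(r'^O(?P<num>\d+) - (?P<body>.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx)\b', re.IGNORECASE)
TRAILING_COMPANY_RE = re.compile(r' \((?P<company>[^()]*)\)$')


def extract_company(body: str) -> str:
    """Publisher name OTL prints in trailing parentheses; '' if blank or absent."""
    m = TRAILING_COMPANY_RE.search(body)
    return m.group("company").strip() if m else ""


def triage_line(line: str) -> List[str]:
    """Return the reasons an OTL line deserves review (empty list if none)."""
    reasons: List[str] = []
    for marker in BROKEN_MARKERS:
        if marker in line:
            reasons.append(f"broken/stale entry ({marker})")
            break

    m = DRV_RE.match(line)
    if m:
        if not m.group("company").strip():
            reasons.append("driver with no publisher name")
        return reasons

    m = OLINE_RE.match(line)
    if not m:
        return reasons
    num, body = int(m.group("num")), m.group("body")

    if num == 1 and body.startswith("Hosts:"):
        # Anything beyond the loopback line redirects a hostname.
        fields = body[len("Hosts:"):].split()
        if fields and not (fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]):
            reasons.append("HOSTS override of a hostname")
    elif num in (35, 37):
        # O35/O37 show the shell open command used for .exe/.com files.
        cmd = body.split(" -- ", 1)[1].strip() if " -- " in body else ""
        if cmd != DEFAULT_OPEN_CMD:
            reasons.append("exe/com open command changed from default")
    elif num in (2, 4, 9, 18, 20):
        # BHOs, Run keys, IE buttons, protocol handlers, Winlogon entries:
        # a loaded binary with no publisher is worth a second look.
        if PATH_RE.search(body) and not extract_company(body) and "File not found" not in body:
            reasons.append("loaded binary with no publisher name")
    return reasons


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    out = []
    for line in lines:
        reasons = triage_line(line.rstrip())
        if reasons:
            out.append((line.rstrip(), reasons))
    return out


# Constructed sample: the first, third, fifth and seventh lines follow the
# posted report; the hosts redirect and the altered O37 handler are invented.
SAMPLE_LOG = r"""DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (SbcpHid) -- C:\WINDOWS\system32\drivers\SbcpHid.sys ()
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-vendor.invalid
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "C:\constructed\hook.exe" "%1" %*
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG.splitlines()):
        print(f"{'; '.join(reasons)}\n    {entry}")
```

A flag is a prompt to look, not a verdict: the `dscactivate` Run entry with a blank publisher is a legitimate Dell component in this thread, and the stale Adobe BHO and McAfee DPF entries are leftovers that the helper cleaned up rather than malware. The O35/O37 check is the one that bears on the thread's symptom, since a replaced exefile handler sits in the path of every program launch.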


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Strange that MBAM didn't keep a log. After this little fix please run MBAM again and post the log if one is produced.

Nothing too serious in the Kaspersky log. We'll remove some now; the rest will be automatically removed when we remove the tools.

*Next*, double click on *OTL.exe*

Under the *Custom Scans/Fixes* box at the bottom, paste in the following
*Do Not* copy the word *CODE*
Please note the fix starts with the *:*


```
:Services
 
:Files
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020104.backup
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020105.backup
```
Then click the *Run Fix* button at the top

Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the *OTL fix* log.

Post back and if there are no remaining problems we'll clean up the tools and send you on your way.

Thanks


----------



## DokiDoki (Oct 23, 2010)

========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020104.backup moved successfully.
C:\WINDOWS\system32\drivers\etc\hosts.20071114-020105.backup moved successfully.

OTL by OldTimer - Version 3.2.17.0 log created on 10312010_164142

Indeed, there was an unchecked "auto save log after scan" in the MBAM settings. I updated and rescanned.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5009

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

10/31/2010 6:14:55 PM
mbam-log-2010-10-31 (18-14-55).txt

Scan type: Quick scan
Objects scanned: 167655
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

Keep *Defogger*, we will use it shortly.

From your desktop, please delete, if present

any notepads/logs that we created
DDS.com
TDSSKiller.exe
MBR.exe
GMER (733s5ne4.exe)
MBRCheck.exe
You can also delete from the C:\ drive the file called *TDSSKiller_\** (\* denotes version & date)

*Next*
Click the *Start* button, click *Run*. Copy and paste the following line into the run box and click *OK*

*Combofix /uninstall*

Open *OTL* then click the *Clean Up* button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click *Yes*. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep *MBAM*. Keep it updated and use it regularly.

To re-enable your Emulation drivers, double click *DeFogger* to run the tool.

The application window will appear
Click the *Re-enable* button to re-enable your CD Emulation drivers
Click *Yes* to continue
A *'Finished!'* message will appear
Click *OK*
DeFogger will now ask to reboot the machine - click *OK*
*Your Emulation drivers are now re-enabled.*

*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_enable* which will appear on your desktop.

You can now delete *Defogger*

*Updates and upgrades*

You have an older version of *Adobe Reader*. You can download the current version *HERE*

You may want to consider *Foxit Reader* instead. It may be a bit lighter on resources.

Visit their support forum
*Foxit Forum*

In either case you should uninstall *Adobe Reader 7.1.0* first. Be sure to move any PDF documents to another folder first though.

*Some Recommendations and prevention tips*

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. You have an antivirus program and an on demand antispyware program.

For resident antispyware I suggest either

*Windows Defender*

*OR*

*Winpatrol*

If you are behind a router, the Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click *FIREWALL* for links and tutorials to good, free and paid for firewalls. (*Note*: Zone Alarm is becoming bloatware)

You should also use *Spyware Blaster* to help immunize your computer.
- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

*OR*

A guide to understanding and using the hosts file.
Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
*HOSTS*

*Please read the info on disabling the DNS Client before* installing a custom hosts file.

-Secure your *Internet Explorer*

From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to *Prompt*
Change the Download unsigned ActiveX controls to *Disable*
Change the Initialize and script ActiveX controls not marked as safe to *Disable*
Change the Installation of desktop items to *Prompt*
Change the Launching programs and files in an IFRAME to *Prompt*
Change the Navigate sub-frames across different domains to *Prompt*
When all these settings have been made, click on the *OK* button.
If it prompts you as to whether or not you want to save the settings, press the *Yes* button.
Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the *Windows Update Site* (using Internet Explorer) and download and install all critical updates on a regular basis.

- Make sure you have reset Automatic Updates to your chosen option. Click your start button > Control Panel > System

- Keep your antivirus program *updated*, as well as any other security programs you have. BTW, your AV is out of date, please update it *ASAP*.

-More tips and programs can be found *HERE*

- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

Please post back if you have any problems. If you are satisfied, click the *Solved* button at the top.

Take care
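The six Internet-zone settings the post walks through in the IE dialog are stored as DWORD values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, using the action ids Microsoft documents for IE security zones (1001 download signed ActiveX, 1004 download unsigned ActiveX, 1201 initialize/script ActiveX not marked safe, 1800 desktop items, 1804 IFRAME launches, 1607 cross-domain sub-frames; 0 = Enable, 1 = Prompt, 3 = Disable). Those ids are not in the post. The following is an added example, not the helper's own tool, that audits a `reg export` of that key against the values recommended above and renders a .reg fragment for whatever deviates; the export text is constructed:

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example (not from the thread): audit the IE Internet zone (zone 3)
# against the settings recommended in the post. Action ids follow
# Microsoft's documented zone registry layout; sample export is constructed.

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# action id -> (name shown in the IE dialog, value recommended in the post)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
SETTING_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')


def parse_reg_dwords(text: str, key: str) -> Dict[str, int]:
    """Return the DWORD values under `key` from a `reg export` style dump."""
    values: Dict[str, int] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if m and current is not None and current.lower() == key.lower():
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def audit_internet_zone(reg_text: str) -> List[Tuple[str, str, Optional[int], int]]:
    """(id, name, current, recommended) for each setting that deviates.

    A missing value means IE applies its built-in default for the zone, so
    it is reported with current=None rather than silently accepted.
    """
    values = parse_reg_dwords(reg_text, ZONE_KEY)
    findings = []
    for action_id, (name, wanted) in RECOMMENDED.items():
        current = values.get(action_id)
        if current != wanted:
            findings.append((action_id, name, current, wanted))
    return findings


def describe(value: Optional[int]) -> str:
    """Human name for a zone setting value."""
    if value is None:
        return "not set"
    return SETTING_NAMES.get(value, f"unknown ({value})")


def render_fix(findings) -> str:
    """Produce a .reg fragment applying the recommended value for each finding."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action_id, _name, _current, wanted in findings:
        lines.append(f'"{action_id}"=dword:{wanted:08x}')
    return "\n".join(lines) + "\n"


# Constructed export: unsigned ActiveX download and IFRAME launches left at
# Enable, the cross-domain sub-frame setting absent, one unrelated value.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"1200"=dword:00000000
"""

if __name__ == "__main__":
    found = audit_internet_zone(SAMPLE_EXPORT)
    for action_id, name, current, wanted in found:
        print(f"{action_id} {name}: is {describe(current)}, should be {describe(wanted)}")
    print(render_fix(found))
```

To use it on a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and pass the file's text to `audit_internet_zone` (newer Windows versions write the export as UTF-16, so decode it accordingly). The rendered fragment only touches the six ids the post names, which keeps the change reviewable before it is imported.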


----------



## DokiDoki (Oct 23, 2010)

The problem has been solved.

Thanks so much for your patience and expertise. I really appreciate it. You've raised my PC from the grave.

Thanks again.


----------



## oldman960 (Apr 8, 2010)

Hi DokiDoki,

You are welcome. Keep safe.


----------

