Infected with Google redirect virus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Infected with Google redirect virus Can't remove it!!

#1 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 11 July 2011 - 05:10 PM

I've had this problem for about a month now. I have ran different anti-virus programs including latest version of AVG, latest version of SpyBot search and destroy, StopZilla, and a couple others I can't remember and I also ran eusing free registry cleaner.

The problem I have is when I click on a google or yahoo link it redirects usually to scour.com or shopica.com but occasionally other sites as well. It doesn't affect lycos.com search results.

Also I get this error message every once in awhile that says "the program [C:\WINDOWS\Explorer.EXE] Caused a problem and is going to close. Would you like to save a dump file?"

I have uninstalled all of the malware and anti-virus programs that I installed after running the scans and removing the problems.

Please help.

Please note I was unable to run the DDS program successfully so here is the logs from another program OTL instead. Hope that is OK.

OTL logfile created on: 7/11/2011 11:30:09 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Coffee Nights\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.48 Mb Total Physical Memory | 259.43 Mb Available Physical Memory | 50.92% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.43 Gb Total Space | 10.56 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 0.20 Gb Free Space | 13.47% Space Free | Partition Type: FAT32

Computer Name: LIFEBOOK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Coffee Nights\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\SPMSMON.EXE ()
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

========== Modules (SafeList) ==========

MOD - C:\Coffee Nights\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- File not found
SRV - (Imdplte) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
SRV - (bmwebcfg) -- C:\WINDOWS\System32\bmwebcfg.exe (Bytemobile, Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (SEWModem) -- C:\WINDOWS\system32\drivers\GC75.sys (Broadcom Corporation)
DRV - (SEWWNIC) -- C:\WINDOWS\system32\drivers\GC75Net.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BtnHnd) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (cvspydr2) -- C:\WINDOWS\system32\drivers\cvspydr2.sys (Colorvision Inc)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 26 5E 77 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=66666"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=66666&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66666"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/26 15:23:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 18:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 15:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/02/17 13:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/10 19:51:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/02/17 13:30:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/10 19:51:10 | 000,000,000 | ---D | M]

[2009/10/14 18:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/28 17:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vfynw989.default\extensions
[2011/06/26 14:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vfynw989.default\extensions\ffxtlbr@babylon.com
[2011/07/10 19:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/26 15:14:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/09 00:42:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/28 17:53:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 19:51:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/01/20 18:37:57 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/03/12 05:01:33 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/03/12 05:01:34 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/03/12 05:01:36 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/03/12 05:01:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/03/12 05:01:40 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/28 17:18:12 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2005/03/31 14:19:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CE12596-5B96-4029-8082-FB85447D9B61} - No CLSID value found.
O2 - BHO: (no name) - {75F02544-2A24-4917-AD66-5649481F15F4} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6} - No CLSID value found.
O2 - BHO: (no name) - {F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19} - No CLSID value found.
O2 - BHO: (no name) - SOFTWARE - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\Quicken\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorPlus Startup.lnk = C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe (ColorVision Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109191808329 (WUWebControl Class)
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab (Application Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Pristine RTR Client http://chat.pristine.com/rtr/PristineRTR.CAB (Reg Error: Key error.)
O16 - DPF: Sametime JNI Loader ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab (Reg Error: Key error.)
O16 - DPF: Sametime Meeting Toolkit ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://origin.games.yahoo.net/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download2.games.yahoo.com/games/clients/y/ht1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://download2.games.yahoo.com/games/clients/y/ut2_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.16.8 172.23.16.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/28 15:26:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/23 12:18:02 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 11:26:32 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Coffee Nights\Desktop\OTL.exe
[2011/07/10 19:51:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/10 19:51:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/10 19:51:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/10 19:51:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/10 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/07/10 19:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 18:23:32 | 000,000,000 | ---D | C] -- C:\Coffee Nights\Desktop\Downloads
[2011/07/10 16:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner
[2011/07/10 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/07/09 22:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/07/08 18:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/26 15:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/26 15:26:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/26 15:26:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/26 15:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/06/26 15:19:11 | 000,000,000 | ---D | C] -- C:\Coffee Nights\Desktop\Unused Desktop Shortcuts
[2011/06/26 15:18:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/20 22:15:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/20 20:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/06/20 16:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/06/17 11:58:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2011/06/17 11:56:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2011/06/16 22:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/16 21:59:57 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/06/16 21:55:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/16 20:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/06/16 10:30:13 | 000,000,000 | ---D | C] -- C:\adfd39d6d29826009d5ed2fc842e
[2011/06/14 21:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/14 21:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 11:26:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Coffee Nights\Desktop\OTL.exe
[2011/07/11 11:16:29 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/11 11:16:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 11:16:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/11 11:05:20 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003UA.job
[2011/07/11 10:57:40 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 10:56:11 | 000,002,491 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Word 2003.lnk
[2011/07/11 10:54:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/07/11 10:53:58 | 000,050,477 | ---- | M] () -- C:\Coffee Nights\Desktop\Defogger.exe
[2011/07/10 18:05:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003Core.job
[2011/07/10 16:57:54 | 000,000,734 | ---- | M] () -- C:\Coffee Nights\Desktop\Eusing Free Registry Cleaner.lnk
[2011/07/10 16:45:39 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/09 20:59:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/08 18:33:51 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/08 18:02:31 | 000,002,348 | ---- | M] () -- C:\Coffee Nights\Desktop\Google Chrome.lnk
[2011/07/08 18:02:31 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/30 20:39:19 | 000,002,489 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Excel 2003.lnk
[2011/06/29 13:45:21 | 000,002,467 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Office FrontPage 2003.lnk
[2011/06/29 12:12:27 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Palm Registration.lnk
[2011/06/26 15:30:50 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/20 16:16:36 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys
[2011/06/17 23:33:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/17 17:59:19 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/17 11:56:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/14 17:22:19 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\21290788
[2011/06/14 17:19:31 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~21290788r
[2011/06/14 17:19:31 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~21290788
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/11 10:54:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/07/11 10:53:58 | 000,050,477 | ---- | C] () -- C:\Coffee Nights\Desktop\Defogger.exe
[2011/07/10 16:57:54 | 000,000,734 | ---- | C] () -- C:\Coffee Nights\Desktop\Eusing Free Registry Cleaner.lnk
[2011/07/10 16:45:33 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/08 18:33:51 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/08 18:02:31 | 000,002,348 | ---- | C] () -- C:\Coffee Nights\Desktop\Google Chrome.lnk
[2011/07/08 18:02:31 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/08 18:00:04 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003UA.job
[2011/07/08 18:00:02 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003Core.job
[2011/06/20 16:16:36 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/06/16 21:44:04 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/14 17:19:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788r
[2011/06/14 17:19:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788
[2011/06/14 17:19:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21290788
[2011/01/09 00:44:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/28 12:20:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Automator
[2010/09/28 12:20:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Owner\Application Data\Audio Unit Effect
[2010/09/28 12:20:23 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/09/16 17:53:47 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/14 21:59:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2009/09/14 21:59:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/11/10 21:06:47 | 000,001,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/15 21:14:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2007/08/17 18:44:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/31 00:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/11/24 16:23:48 | 000,002,020 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2006/11/24 16:22:57 | 000,086,870 | ---- | C] () -- C:\WINDOWS\System32\BerlitzSCR.dat
[2006/05/23 10:50:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/22 02:00:38 | 000,000,006 | ---- | C] () -- C:\WINDOWS\check011906.ini
[2005/11/13 19:36:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2005/07/29 09:56:47 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
[2005/07/29 09:39:27 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
[2005/07/28 21:00:19 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2005/05/22 12:21:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2005/05/18 13:38:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll
[2005/02/28 03:32:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/28 01:38:01 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2004/12/27 02:37:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2004/12/27 02:37:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2004/12/27 02:37:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2004/12/26 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dukswiic.exe
[2004/11/06 00:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ajol.exe
[2004/11/06 00:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\uphnpk.exe
[2004/11/03 23:58:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cscrucu.exe
[2004/11/03 23:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ruxw.exe
[2004/11/01 03:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aclsto.exe
[2004/11/01 03:34:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lhqemxy.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cerykbkt.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bwtq.exe
[2004/11/01 02:50:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\jqxkmzx.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gqrklil.exe
[2004/10/23 16:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vravrnt.exe
[2004/10/20 21:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sybhfq.exe
[2004/09/01 00:07:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EDJJJIGK.ini
[2004/08/09 22:56:11 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/08/01 20:08:08 | 000,407,974 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
[2004/03/03 21:41:38 | 000,335,999 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2003/12/26 13:05:42 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/12/26 13:05:42 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/12/26 12:55:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2003/12/20 20:44:59 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2003/12/20 20:43:07 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/17 23:30:54 | 000,000,399 | ---- | C] () -- C:\WINDOWS\Belt.ini
[2003/12/02 02:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/12/02 01:56:57 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2003/12/02 01:56:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C4C110696B.sys
[2003/10/21 18:37:08 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/16 19:33:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/24 18:47:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/08/24 18:42:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2003/08/24 18:41:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pp4_setup.ini
[2003/08/24 18:39:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2003/08/24 18:23:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI2_SETUP.ini
[2003/08/24 18:18:24 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/07/19 13:08:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SPMSMON.EXE
[2003/07/19 13:08:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SP5602Setup2K.exe
[2003/07/19 13:08:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\Move2k.exe
[2003/07/19 13:08:00 | 000,000,377 | ---- | C] () -- C:\WINDOWS\SP5602Setup2K.ini
[2003/07/19 13:08:00 | 000,000,243 | ---- | C] () -- C:\WINDOWS\SPMSMON.INI
[2003/07/16 19:31:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/06/23 21:27:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2003/03/31 23:42:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/28 20:18:54 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/03/28 20:18:36 | 000,009,395 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/03/28 20:12:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/03/28 20:10:57 | 000,000,661 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/03/28 19:37:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/28 19:30:57 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/28 19:23:08 | 000,000,936 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2003/03/28 19:23:08 | 000,000,927 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/03/28 19:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/03/28 15:30:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/28 15:22:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/28 15:20:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/03/28 14:07:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/28 14:03:33 | 000,437,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/28 14:03:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/28 14:03:33 | 000,069,340 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/28 14:03:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/28 14:03:21 | 000,004,555 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/28 14:03:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/28 14:02:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/28 14:01:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/28 14:01:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/28 14:00:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/28 14:00:34 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/28 07:14:31 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/28 07:13:11 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/25 23:29:14 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/20 09:35:22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 05:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 05:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1997/07/11 04:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 04:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 302 bytes -> C:\WINDOWS\702:C=ev.ini

< End of report >

Extras.Txt (46.28K)
Number of downloads: 0OTL Extras logfile created on: 7/11/2011 11:30:09 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Coffee Nights\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.48 Mb Total Physical Memory | 259.43 Mb Available Physical Memory | 50.92% Memory free
1.22 Gb Paging File | 0.98 Gb Available in Paging File | 80.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.43 Gb Total Space | 10.56 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 0.20 Gb Free Space | 13.47% Space Free | Partition Type: FAT32

Computer Name: LIFEBOOK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service
"C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow DX Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}" = Samsung Music Studio
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B65B12C-961B-4A4B-AE39-118C85C9F10B}" = Kingdom Hall Schedules
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{6127AEB9-A3AF-4CB6-8B6A-55957BA14E81}" = Cingular Communication Manager
"{6247A653-067B-4117-A88B-764B16329DC5}" = Quicken 2003 New User Edition
"{6645FC20-C4CD-11D5-B5A0-0050DA208A93}" = ArcSoft PhotoPrinter 4.0
"{66D256D7-D9B5-475C-9FD7-9DA2036BE67F}" = Berlitz Learning System - Spanish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77150433-FD18-406C-B1CC-DB9F289A9007}" = ArcSoft VideoImpression 2
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = VERITAS RecordNow DX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A217AF09-1689-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoBase 3
"{A7E3366C-C3C5-4662-BD30-D71341FD1E80}" = T-Mobile Connection Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB8C3502-1033-4B94-98DD-087D19BF72A3}" = Portable Media Center
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{ACD08241-AB05-4764-9B7E-FDAAB95203E1}" = Berlitz Before You Know It Flash Cards
"{B2518A8B-FACA-11D6-B1F2-00000E5F1C10}" = LifeBook Application Panel
"{B651B3EC-1827-4CF5-8398-397B789E3151}" = File Viewer Utility 1.2.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BC5F5E3F-6B24-4A9F-9052-0A3EDFC5FF67}" = Watchtower Library 2010 - español
"{C25C952D-0F61-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoStudio 5
"{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = RemoteCapture 2.7.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA4BE7BA-E80B-11D6-A812-0050BA17BA4B}" = SPGT5602 Mass Storage Controller
"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EAF598EE-CB88-4F85-AE2B-227DC99F8520}" = ArcSoft PhotoImpression
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{EC0496AF-7FFA-4376-A3AC-1E54494D2E21}" = TradeStation 8.1 (Build 2826)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED9C7B9B-E694-416A-A0F6-E1D786A6BE99}" = Fujitsu Hotkey Utility
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ArcSoft PhotoStudio 4.0" = ArcSoft PhotoStudio 4.0
"ATI Display Driver" = ATI Display Driver
"Avery Wizard 1.1 MSW97" = Avery Wizard 1.1 for Microsoft Word 97
"Broadcom BCM4306 Wireless LAN Adapter" = Broadcom BCM4306 Wireless LAN Adapter
"Byki Express" = Byki Express
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"ColorPlus" = ColorPlus
"DivX Codec" = Remove DivX Pro Codec
"DivX Player" = DivX Player
"Dr. DivX 1.0.4" = Dr. DivX 1.0.4
"DV MPEG4 Maker" = DV MPEG4 Maker
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"eTrust EZ Armor" = eTrust EZ Armor
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{6247A653-067B-4117-A88B-764B16329DC5}" = Quicken 2003 New User Edition
"InstallShield_{B651B3EC-1827-4CF5-8398-397B789E3151}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EC0496AF-7FFA-4376-A3AC-1E54494D2E21}" = TradeStation 8.1 (Build 2826)
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"Lemonade Tycoon 2" = Lemonade Tycoon 2
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"MLB.com Shuffle" = MLB.com Shuffle (remove only)
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.3)" = Mozilla Firefox (2.0.0.3)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"MWASPI" = MicroStaff WINASPI
"Netscape (7.0)" = Netscape (7.0)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Public Talks_is1" = Public Talks 2.02
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Samsung Multimedia Studio_is1" = Samsung Multimedia Studio 1.0
"The Palace Builder" = The Palace Builder (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Zen Portable Media Center User's Guide English" = Zen Portable Media Center User's Guide
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/10/2011 5:13:27 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x001728e5.

Error - 7/10/2011 5:47:03 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 7/10/2011 6:00:41 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x002407dc.

Error - 7/10/2011 7:32:23 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 7/11/2011 10:16:54 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:16:54 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/11/2011 11:28:51 AM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 7/10/2011 5:13:27 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x001728e5.

Error - 7/10/2011 5:47:03 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 7/10/2011 6:00:41 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x002407dc.

Error - 7/10/2011 7:32:23 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
avgnpss.dll, version 10.0.0.1374, fault address 0x000d65ac.

Error - 7/11/2011 10:16:54 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:16:54 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/11/2011 10:17:09 AM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/11/2011 11:28:51 AM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/10/2011 8:01:24 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/10/2011 8:01:27 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/10/2011 8:01:30 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 7/10/2011 8:01:30 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 7/11/2011 10:12:07 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 10:12:12 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/11/2011 11:04:18 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 11:04:22 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/11/2011 11:16:23 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/11/2011 11:16:32 AM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

< End of report >

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-11 18:06:07
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6021GAS rev.GA025F
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxroapow.sys

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F85C3BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F85C3BF8 4 Bytes [8C, 87, 4E, 80]
INITc VolSnap.sys F85C3C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F85C3C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F85C3C70 4 Bytes [09, BF, 4D, 80]
INITc ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] wininet.dll!HttpAddRequestHeadersA 3D94CF46 5 Bytes JMP 00F36811
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] wininet.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00F36A1C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0130000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0057000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!send 71AB428A 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 012F000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0056000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1480] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0058000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0194000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!connect 71AB406A 5 Bytes JMP 005C000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!send 71AB428A 5 Bytes JMP 005E000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 005B000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 005F000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 005A000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2116] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 005D000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3128] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 005B000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0057000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!send 71AB428A 5 Bytes JMP 0059000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0056000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 005A000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0055000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0058000A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3648] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 82ADFE7A
Thread System [4:124] 82AE2008

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\block_message[7].htm 1985 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\banner[10] 1834 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\adholder[1].htm 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\logCANS8GWL.txt 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\26270-15[7].js 2531 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\26270-15[8].js 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\logCAXU92FA.txt 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\logCAZR399M.txt 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\logCAE3CAUR.txt 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C2BSLSSX\logCAHS74AY.txt 0 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SZ9OGLNL\26271-15CAT36VNY.js 2531 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SZ9OGLNL\26271-2CA9CGF0K.js 2213 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SZ9OGLNL\bannerCAGLLQ62 1834 bytes
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SZ9OGLNL\555502804@Bottom3[1].htm 0 bytes

---- EOF - GMER 1.0.15 ----

#2 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 16 July 2011 - 01:19 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days failure to reply will result in the topic being closed!
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)

Link 2 (zipped file)

Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, and uncheck the rest.
Click OK.
Wait until it's finished and then go to File > Save Report.
Save the report to your Desktop.
Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

NEXT:

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#3 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 22 July 2011 - 05:32 PM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.

#4 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 22 July 2011 - 05:56 PM

This topic has been re-opened at the request of the person who originally posted.

#5 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 22 July 2011 - 06:08 PM

Thanks for reopening. My internet browser is running very slow when connected to the internet and temporarily freezes some times. It's still redirecting google search results to different websites. Here are the three log files you asked for.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7B89000 C:\WINDOWS\System32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
0xBF054000 C:\WINDOWS\System32\ati3d2ag.dll 1146880 bytes (ATI Technologies Inc. , ati3d2ag.dll)
0xF83ED000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF7CDD000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 573440 bytes (ATI Technologies Inc., ATI Radeon Miniport Driver)
0xB2F9E000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7A93000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB3082000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2963000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 270336 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB2AD2000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8529000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF7B5B000 C:\WINDOWS\system32\drivers\STAC97.sys 188416 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xF83C0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2BDB000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB2028000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB300D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB305A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7B37000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB2F5A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7CA6000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF7B14000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB3038000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB2F7D000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF84A3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84DB000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF84FA000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF83A5000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF84C3000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2F42000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF847A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7AFD000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB2EB5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7CC9000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EC000 ACPI_HAL 81280 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB30DA000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8491000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8518000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7AEC000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB446B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7DD9000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB448B000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7D99000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8588000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7DA9000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB447B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8698000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7D69000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 57344 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF86C8000 C:\WINDOWS\system32\drivers\libusb0.sys 57344 bytes
0xF8598000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7DB9000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF85D8000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7D79000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF87B8000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF85B8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7D89000 C:\WINDOWS\System32\DRIVERS\R8139n51.SYS 49152 bytes (Realtek Semiconductor Corporation , Realtek RTL8139/810x Family NDIS 5.1 Drv)
0xF86F8000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7DC9000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF85A8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF86E8000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8748000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8718000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB20B3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF85C8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB44AB000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7DE9000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8578000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8708000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB502B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB449B000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8928000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB3F9B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8920000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF87F8000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8810000 sisagp.sys 28672 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF8938000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8940000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8948000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB3FAB000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88B8000 C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys 20480 bytes (FUJITSU LIMITED, Button handler driver (SYS))
0xF8858000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB3FA3000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8800000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8958000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8808000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8960000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8950000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8930000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8C67000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8990000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF808A000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8A24000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5A52000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8994000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF8988000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF898C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xECC61000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF807E000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xF8076000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8082000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xB3EC9000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB3EC1000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB58F0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB4719000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB58F2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8AF0000 C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys 8192 bytes (FUJITSU LIMITED, WDM driver for FUJ02B1 PnP device)
0xF8A78000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB55BB000 C:\WINDOWS\System32\Drivers\MASPINT.SYS 8192 bytes (MicroStaff Co.,Ltd., Aspi32 Driver)
0xB55B9000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xB58EE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB58EC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AF6000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8B28000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A7A000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8B65000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB6A18000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB581B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B41000 C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF8B40000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x82AD8A91 Unknown page with executable code, 1391 bytes
0x82ADB860 Unknown page with executable code, 1952 bytes
0x82ADB781 Unknown page with executable code, 2175 bytes
0x82ADD718 Unknown page with executable code, 2280 bytes
0x82ADD5B1 Unknown page with executable code, 2639 bytes
0x82AD7288 Unknown page with executable code, 3448 bytes
0x82AD9191 Unknown page with executable code, 3695 bytes
0xF85B8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x82ADBE7A Unknown thread object [ ETHREAD 0x82B8E348 ] TID: 120, 600 bytes
0x82ADE008 Unknown thread object [ ETHREAD 0x82B74DA8 ] TID: 124, 600 bytes
0x82ADDCDC Unknown page with executable code, 804 bytes

OTL.txt file

OTL logfile created on: 7/22/2011 6:56:05 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.48 Mb Total Physical Memory | 130.49 Mb Available Physical Memory | 25.61% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.43 Gb Total Space | 11.99 Gb Free Space | 22.03% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 0.20 Gb Free Space | 13.47% Space Free | Partition Type: FAT32
Drive E: | 403.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIFEBOOK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\SPMSMON.EXE ()
PRC - C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (McComponentHostService) -- File not found
SRV - (Imdplte) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
SRV - (bmwebcfg) -- C:\WINDOWS\System32\bmwebcfg.exe (Bytemobile, Inc.)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (PCTEL Inc.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (SEWModem) -- C:\WINDOWS\system32\drivers\GC75.sys (Broadcom Corporation)
DRV - (SEWWNIC) -- C:\WINDOWS\system32\drivers\GC75Net.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BtnHnd) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys (FUJITSU LIMITED)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (cvspydr2) -- C:\WINDOWS\system32\drivers\cvspydr2.sys (Colorvision Inc)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsupc.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 26 5E 77 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=66666"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=66666&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66666"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/26 15:23:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 18:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/26 15:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/02/17 13:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/10 19:51:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/02/17 13:30:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/07/10 19:51:10 | 000,000,000 | ---D | M]

[2009/10/14 18:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/03/28 17:18:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vfynw989.default\extensions
[2011/06/26 14:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vfynw989.default\extensions\ffxtlbr@babylon.com
[2011/07/10 19:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/26 15:14:24 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/09 00:42:09 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/28 17:53:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/10 19:51:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/01/20 18:37:57 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2007/03/12 05:01:33 | 000,066,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/03/12 05:01:34 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/03/12 05:01:36 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/03/12 05:01:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/03/12 05:01:40 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/28 17:18:12 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2005/03/31 14:19:31 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CE12596-5B96-4029-8082-FB85447D9B61} - No CLSID value found.
O2 - BHO: (no name) - {75F02544-2A24-4917-AD66-5649481F15F4} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6} - No CLSID value found.
O2 - BHO: (no name) - {F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19} - No CLSID value found.
O2 - BHO: (no name) - SOFTWARE - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ChangeICON] C:\WINDOWS\SPMSMON.EXE ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\Program Files\Quicken\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorPlus Startup.lnk = C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe (ColorVision Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe (DataViz, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Palm Registration.lnk = C:\Program Files\Palm\register.exe (Palm/Leader Technologies)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109191808329 (WUWebControl Class)
O16 - DPF: {7CEEAB76-D59E-11D3-8394-00C04F7BDF10} https://www.tradestation.com/tscom/ClientPlugIn/tsTemp.cab (Application Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Pristine RTR Client http://chat.pristine.com/rtr/PristineRTR.CAB (Reg Error: Key error.)
O16 - DPF: Sametime JNI Loader ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab (Reg Error: Key error.)
O16 - DPF: Sametime Meeting Toolkit ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://origin.games.yahoo.net/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download2.games.yahoo.com/games/clients/y/ht1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://download2.games.yahoo.com/games/clients/y/ut2_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.20.16.8 172.23.16.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/28 15:26:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/23 12:18:02 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/10/22 11:16:59 | 000,068,608 | R--- | M] (Watchtower Bible and Tract Society of New York, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/10/17 21:07:11 | 000,000,068 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/15 19:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Watchtower Library 2010
[2011/07/15 19:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Watchtower
[2011/07/11 11:26:32 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Coffee Nights\Desktop\OTL.exe
[2011/07/10 19:51:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/07/10 19:51:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/10 19:51:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/10 19:51:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/10 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/07/10 19:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/10 18:23:32 | 000,000,000 | ---D | C] -- C:\Coffee Nights\Desktop\Downloads
[2011/07/10 16:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Free Registry Cleaner
[2011/07/10 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/07/09 22:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Google Chrome
[2011/07/08 18:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/26 15:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/26 15:26:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/26 15:26:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/26 15:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/06/26 15:19:11 | 000,000,000 | ---D | C] -- C:\Coffee Nights\Desktop\Unused Desktop Shortcuts
[2011/06/26 15:18:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/22 18:57:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/22 18:11:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/22 18:11:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/22 18:11:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/22 17:05:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003UA.job
[2011/07/22 15:58:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/17 18:05:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003Core.job
[2011/07/15 22:16:15 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/15 22:16:13 | 000,002,348 | ---- | M] () -- C:\Coffee Nights\Desktop\Google Chrome.lnk
[2011/07/15 19:25:35 | 000,000,945 | ---- | M] () -- C:\Coffee Nights\Desktop\Watchtower Library 2010 - English.lnk
[2011/07/15 19:05:08 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Palm Registration.lnk
[2011/07/13 11:54:56 | 000,002,491 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Word 2003.lnk
[2011/07/11 11:26:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Coffee Nights\Desktop\OTL.exe
[2011/07/11 10:54:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/07/11 10:53:58 | 000,050,477 | ---- | M] () -- C:\Coffee Nights\Desktop\Defogger.exe
[2011/07/10 16:57:54 | 000,000,734 | ---- | M] () -- C:\Coffee Nights\Desktop\Eusing Free Registry Cleaner.lnk
[2011/07/10 16:45:39 | 000,000,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/08 18:33:51 | 000,020,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/06/30 20:39:19 | 000,002,489 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Excel 2003.lnk
[2011/06/29 13:45:21 | 000,002,467 | ---- | M] () -- C:\Coffee Nights\Desktop\Microsoft Office FrontPage 2003.lnk
[2011/06/26 15:30:50 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 19:25:35 | 000,000,945 | ---- | C] () -- C:\Coffee Nights\Desktop\Watchtower Library 2010 - English.lnk
[2011/07/11 10:54:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/07/11 10:53:58 | 000,050,477 | ---- | C] () -- C:\Coffee Nights\Desktop\Defogger.exe
[2011/07/10 16:57:54 | 000,000,734 | ---- | C] () -- C:\Coffee Nights\Desktop\Eusing Free Registry Cleaner.lnk
[2011/07/10 16:45:33 | 000,000,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/08 18:33:51 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/08 18:02:31 | 000,002,348 | ---- | C] () -- C:\Coffee Nights\Desktop\Google Chrome.lnk
[2011/07/08 18:02:31 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/08 18:00:04 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003UA.job
[2011/07/08 18:00:02 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1765183899-2242799495-3402959499-1003Core.job
[2011/06/20 16:16:36 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2011/06/14 17:19:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788r
[2011/06/14 17:19:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788
[2011/06/14 17:19:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21290788
[2011/01/09 00:44:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/28 12:20:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Automator
[2010/09/28 12:20:23 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Owner\Application Data\Audio Unit Effect
[2010/09/28 12:20:23 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/09/16 17:53:47 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/14 21:59:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2009/09/14 21:59:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/11/10 21:06:47 | 000,001,363 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/10/15 21:14:44 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2007/08/17 18:44:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/31 00:31:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/11/24 16:23:48 | 000,002,020 | ---- | C] () -- C:\WINDOWS\TLTitleData.ini
[2006/11/24 16:22:57 | 000,086,870 | ---- | C] () -- C:\WINDOWS\System32\BerlitzSCR.dat
[2006/05/23 10:50:55 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/22 02:00:38 | 000,000,006 | ---- | C] () -- C:\WINDOWS\check011906.ini
[2005/11/13 19:36:16 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2005/07/29 09:56:47 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
[2005/07/29 09:39:27 | 000,000,048 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmuknwrd.dll
[2005/07/28 21:00:19 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2005/05/22 12:21:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS71.DLL
[2005/05/18 13:38:53 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\tvmuknwrd.dll
[2005/02/28 03:32:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/28 01:38:01 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2004/12/27 02:37:04 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2004/12/27 02:37:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2004/12/27 02:37:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2004/12/26 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dukswiic.exe
[2004/11/06 00:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ajol.exe
[2004/11/06 00:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\uphnpk.exe
[2004/11/03 23:58:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cscrucu.exe
[2004/11/03 23:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ruxw.exe
[2004/11/01 03:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aclsto.exe
[2004/11/01 03:34:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lhqemxy.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cerykbkt.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bwtq.exe
[2004/11/01 02:50:25 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\jqxkmzx.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gqrklil.exe
[2004/10/23 16:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vravrnt.exe
[2004/10/20 21:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sybhfq.exe
[2004/09/01 00:07:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EDJJJIGK.ini
[2004/08/09 22:56:11 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
[2004/08/01 20:08:08 | 000,407,974 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
[2004/03/03 21:41:38 | 000,335,999 | ---- | C] () -- C:\WINDOWS\mxtarget.ini
[2003/12/26 13:05:42 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/12/26 13:05:42 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/12/26 12:55:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2003/12/20 20:44:59 | 000,247,808 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2003/12/20 20:43:07 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/17 23:30:54 | 000,000,399 | ---- | C] () -- C:\WINDOWS\Belt.ini
[2003/12/02 02:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/12/02 01:56:57 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2003/12/02 01:56:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C4C110696B.sys
[2003/10/21 18:37:08 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/09/16 19:33:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2003/08/24 18:47:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/08/24 18:42:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2003/08/24 18:41:31 | 000,000,021 | ---- | C] () -- C:\WINDOWS\pp4_setup.ini
[2003/08/24 18:39:15 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2003/08/24 18:23:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI2_SETUP.ini
[2003/08/24 18:18:24 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/07/19 13:08:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SPMSMON.EXE
[2003/07/19 13:08:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SP5602Setup2K.exe
[2003/07/19 13:08:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\Move2k.exe
[2003/07/19 13:08:00 | 000,000,377 | ---- | C] () -- C:\WINDOWS\SP5602Setup2K.ini
[2003/07/19 13:08:00 | 000,000,243 | ---- | C] () -- C:\WINDOWS\SPMSMON.INI
[2003/07/16 19:31:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/06/23 21:27:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2003/03/31 23:42:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/28 20:18:54 | 000,090,832 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/03/28 20:18:36 | 000,009,395 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/03/28 20:12:58 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/03/28 20:10:57 | 000,000,661 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/03/28 19:37:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/28 19:30:57 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/28 19:23:08 | 000,000,936 | ---- | C] () -- C:\WINDOWS\System32\2_ssetup.ini
[2003/03/28 19:23:08 | 000,000,927 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/03/28 19:23:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/03/28 15:30:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/03/28 15:22:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/03/28 15:20:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/03/28 14:07:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/03/28 14:03:33 | 000,437,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/28 14:03:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/28 14:03:33 | 000,069,340 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/28 14:03:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/28 14:03:21 | 000,004,555 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/28 14:03:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/28 14:02:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/28 14:01:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/28 14:01:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/28 14:00:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/28 14:00:34 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/28 07:14:31 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/28 07:13:11 | 000,300,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/02/25 23:29:14 | 000,000,731 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/20 09:35:22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/24 05:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 05:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2000/09/13 22:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[1997/07/11 04:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 04:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 04:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 302 bytes -> C:\WINDOWS\702:C=ev.ini

< End of report >

Extras.txt
OTL Extras logfile created on: 7/22/2011 6:56:05 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.48 Mb Total Physical Memory | 130.49 Mb Available Physical Memory | 25.61% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.43 Gb Total Space | 11.99 Gb Free Space | 22.03% Space Free | Partition Type: NTFS
Drive D: | 1.46 Gb Total Space | 0.20 Gb Free Space | 13.47% Space Free | Partition Type: FAT32
Drive E: | 403.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LIFEBOOK | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1765183899-2242799495-3402959499-1003\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service
"C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os3.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS RecordNow DX Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EC4CE9D-EAEE-4DA1-AB8D-9E6B7FED6742}" = Samsung Music Studio
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B65B12C-961B-4A4B-AE39-118C85C9F10B}" = Kingdom Hall Schedules
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{6127AEB9-A3AF-4CB6-8B6A-55957BA14E81}" = Cingular Communication Manager
"{6247A653-067B-4117-A88B-764B16329DC5}" = Quicken 2003 New User Edition
"{6645FC20-C4CD-11D5-B5A0-0050DA208A93}" = ArcSoft PhotoPrinter 4.0
"{66D256D7-D9B5-475C-9FD7-9DA2036BE67F}" = Berlitz Learning System - Spanish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{735D7AC9-BC7B-4491-9D06-7F4642849E7C}" = P.I.M. II Plug-In
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77150433-FD18-406C-B1CC-DB9F289A9007}" = ArcSoft VideoImpression 2
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8855FF30-19CE-4CB1-A654-87B38369CCE1}" = VERITAS RecordNow DX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A217AF09-1689-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoBase 3
"{A7E3366C-C3C5-4662-BD30-D71341FD1E80}" = T-Mobile Connection Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB8C3502-1033-4B94-98DD-087D19BF72A3}" = Portable Media Center
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{ACD08241-AB05-4764-9B7E-FDAAB95203E1}" = Berlitz Before You Know It Flash Cards
"{B2518A8B-FACA-11D6-B1F2-00000E5F1C10}" = LifeBook Application Panel
"{B651B3EC-1827-4CF5-8398-397B789E3151}" = File Viewer Utility 1.2.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C25C952D-0F61-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoStudio 5
"{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = RemoteCapture 2.7.1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DA4BE7BA-E80B-11D6-A812-0050BA17BA4B}" = SPGT5602 Mass Storage Controller
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EAF598EE-CB88-4F85-AE2B-227DC99F8520}" = ArcSoft PhotoImpression
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{EC0496AF-7FFA-4376-A3AC-1E54494D2E21}" = TradeStation 8.1 (Build 2826)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED9C7B9B-E694-416A-A0F6-E1D786A6BE99}" = Fujitsu Hotkey Utility
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ArcSoft PhotoStudio 4.0" = ArcSoft PhotoStudio 4.0
"ATI Display Driver" = ATI Display Driver
"Avery Wizard 1.1 MSW97" = Avery Wizard 1.1 for Microsoft Word 97
"Broadcom BCM4306 Wireless LAN Adapter" = Broadcom BCM4306 Wireless LAN Adapter
"Byki Express" = Byki Express
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon iP90 Setup Utility" = Canon iP90 Setup Utility
"CANONBJ_Deinstall_CNMCP71.DLL" = Canon iP90
"ColorPlus" = ColorPlus
"DivX Codec" = Remove DivX Pro Codec
"DivX Player" = DivX Player
"Dr. DivX 1.0.4" = Dr. DivX 1.0.4
"DV MPEG4 Maker" = DV MPEG4 Maker
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"eTrust EZ Armor" = eTrust EZ Armor
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA Driver
"InstallShield_{6247A653-067B-4117-A88B-764B16329DC5}" = Quicken 2003 New User Edition
"InstallShield_{B651B3EC-1827-4CF5-8398-397B789E3151}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EC0496AF-7FFA-4376-A3AC-1E54494D2E21}" = TradeStation 8.1 (Build 2826)
"InterActual Player" = InterActual Player
"Java Web Start" = Java Web Start
"Lemonade Tycoon 2" = Lemonade Tycoon 2
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"MLB.com Shuffle" = MLB.com Shuffle (remove only)
"Monopoly Here & Now Edition" = Monopoly Here & Now Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.3)" = Mozilla Firefox (2.0.0.3)
"MP3MyMP3_is1" = MP3MyMP3 3.0
"MWASPI" = MicroStaff WINASPI
"Netscape (7.0)" = Netscape (7.0)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Public Talks_is1" = Public Talks 2.02
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Samsung Multimedia Studio_is1" = Samsung Multimedia Studio 1.0
"The Palace Builder" = The Palace Builder (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Zen Portable Media Center User's Guide English" = Zen Portable Media Center User's Guide
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1765183899-2242799495-3402959499-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/15/2011 7:17:07 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.1.2600.2180, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:25:00 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000294e7.

[ Application Events ]
Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2011 12:04:25 PM | Computer Name = LIFEBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/15/2011 7:17:07 PM | Computer Name = LIFEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application mmc.exe, version 5.1.2600.2180, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2011 4:25:00 PM | Computer Name = LIFEBOOK | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x000294e7.

[ System Events ]
Error - 7/17/2011 3:10:54 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/17/2011 7:42:55 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/17/2011 7:43:12 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/17/2011 7:43:53 PM | Computer Name = LIFEBOOK | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/22/2011 3:58:46 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/22/2011 3:58:49 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/22/2011 4:53:30 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/22/2011 4:53:44 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

Error - 7/22/2011 6:11:24 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 7/22/2011 6:11:27 PM | Computer Name = LIFEBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg5 szkgfs

< End of report >

#6 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 23 July 2011 - 03:30 PM

Hi!

It looks like we maybe dealing with a rootkit infection here.

Running TDSSKiller

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=66666"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=66666&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66666"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
[2011/03/28 17:53:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/28 17:18:12 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CE12596-5B96-4029-8082-FB85447D9B61} - No CLSID value found.
O2 - BHO: (no name) - {75F02544-2A24-4917-AD66-5649481F15F4} - No CLSID value found.
O2 - BHO: (no name) - {E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6} - No CLSID value found.
O2 - BHO: (no name) - {F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19} - No CLSID value found.
O2 - BHO: (no name) - SOFTWARE - No CLSID value found.
O3 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Pristine RTR Client http://chat.pristine.com/rtr/PristineRTR.CAB (Reg Error: Key error.)
O16 - DPF: Sametime JNI Loader ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab (Reg Error: Key error.)
O16 - DPF: Sametime Meeting Toolkit ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://origin.games.yahoo.net/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download2.games.yahoo.com/games/clients/y/ht1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://download2.games.yahoo.com/games/clients/y/ut2_x.cab (Reg Error: Key error.)
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O37 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/06/14 17:19:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788r
[2011/06/14 17:19:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788
[2011/06/14 17:19:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21290788
[2004/12/26 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dukswiic.exe
[2004/11/06 00:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ajol.exe
[2004/11/06 00:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\uphnpk.exe
[2004/11/03 23:58:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cscrucu.exe
[2004/11/03 23:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ruxw.exe
[2004/11/01 03:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aclsto.exe
[2004/11/01 03:34:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lhqemxy.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cerykbkt.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bwtq.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\jqxkmzx.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gqrklil.exe
[2004/10/23 16:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vravrnt.exe
[2004/10/20 21:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sybhfq.exe
[2004/09/01 00:07:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EDJJJIGK.ini
[2004/08/09 22:56:11 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
@Alternate Data Stream - 302 bytes -> C:\WINDOWS\702:C=ev.ini

:Reg

:Files
type "C:\ComboFix.txt" /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Remove Program
We need to remove a program. To do this please do the following:

Click Start
Go to Control Panel
Go to Add/Remove Programs
Find and click Remove for the following (if present):
- J2SE Runtime Environment 5.0 Update 2
- J2SE Runtime Environment 5.0 Update 4
- Java 2 Runtime Environment, SE v1.4.0_01
- Viewpoint Media Player (Remove Only) <== If you don't use it, then I suggest removing it.
- Eusing Free Registry Cleaner <== If you don't use it, then I suggest removing it.
- Ad-Aware SE Personal <== If you don't use it, then I suggest removing it.
- Skype Toolbars <== If you don't use it, then I suggest removing it.
- Google Toolbar for Internet Explorer <== If you don't use it, then I suggest removing it.

#7 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 23 July 2011 - 09:10 PM

Here is the TDSSkiller report below. When I tried to run the OTL custom fix I got the following error message and the program would freeze. "Cannot create file C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vfynw989.default\prefs.js."

I also deleted all of the programs that you suggested.

2011/07/23 21:36:34.0520 2672 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 21:36:35.0752 2672 ================================================================================
2011/07/23 21:36:35.0752 2672 SystemInfo:
2011/07/23 21:36:35.0752 2672
2011/07/23 21:36:35.0752 2672 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/23 21:36:35.0752 2672 Product type: Workstation
2011/07/23 21:36:35.0752 2672 ComputerName: LIFEBOOK
2011/07/23 21:36:35.0752 2672 UserName: Owner
2011/07/23 21:36:35.0752 2672 Windows directory: C:\WINDOWS
2011/07/23 21:36:35.0752 2672 System windows directory: C:\WINDOWS
2011/07/23 21:36:35.0752 2672 Processor architecture: Intel x86
2011/07/23 21:36:35.0752 2672 Number of processors: 1
2011/07/23 21:36:35.0752 2672 Page size: 0x1000
2011/07/23 21:36:35.0752 2672 Boot type: Normal boot
2011/07/23 21:36:35.0752 2672 ================================================================================
2011/07/23 21:36:47.0249 2672 Initialize success
2011/07/23 21:37:10.0632 2332 ================================================================================
2011/07/23 21:37:10.0632 2332 Scan started
2011/07/23 21:37:10.0632 2332 Mode: Manual;
2011/07/23 21:37:10.0632 2332 ================================================================================
2011/07/23 21:37:22.0259 2332 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/23 21:37:22.0730 2332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/23 21:37:23.0761 2332 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/23 21:37:24.0312 2332 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/07/23 21:37:25.0203 2332 AgereSoftModem (262b19f246418a15c7d4b1250b7f12ac) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/23 21:37:28.0268 2332 ApfiltrService (ab9570fa938bcd68362f6701b136ccd1) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/07/23 21:37:28.0698 2332 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/23 21:37:30.0391 2332 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/23 21:37:30.0992 2332 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/23 21:37:31.0933 2332 ati2mtag (6361d85faf2442bbee2c25ada6cb8512) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/23 21:37:33.0004 2332 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/23 21:37:33.0585 2332 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/23 21:37:34.0316 2332 BCM43XX (588d19f3522fea9c76ab991fe457d929) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/07/23 21:37:34.0927 2332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/23 21:37:35.0418 2332 BtnHnd (ff101366e20fbe976dc73f1d8cfd1aa2) C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys
2011/07/23 21:37:35.0889 2332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/23 21:37:36.0239 2332 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/23 21:37:37.0401 2332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/23 21:37:38.0182 2332 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/23 21:37:38.0713 2332 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/23 21:37:39.0664 2332 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/23 21:37:40.0665 2332 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/23 21:37:41.0567 2332 cvspydr2 (c6644d1a70c050fdd7ecbe8c3ac05313) C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
2011/07/23 21:37:42.0799 2332 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/23 21:37:43.0630 2332 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/23 21:37:44.0351 2332 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/23 21:37:44.0982 2332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/23 21:37:45.0583 2332 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/23 21:37:46.0524 2332 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/23 21:37:47.0265 2332 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/23 21:37:47.0966 2332 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/23 21:37:48.0727 2332 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/23 21:37:49.0779 2332 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/23 21:37:50.0460 2332 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/23 21:37:51.0161 2332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/23 21:37:51.0691 2332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/23 21:37:52.0282 2332 FUJ02B1 (00845dcd64fe6348ddf7890c310c17b9) C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys
2011/07/23 21:37:52.0783 2332 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/23 21:37:53.0454 2332 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/23 21:37:54.0565 2332 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/23 21:37:56.0198 2332 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/23 21:37:57.0400 2332 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/23 21:37:57.0810 2332 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/23 21:37:59.0132 2332 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/23 21:37:59.0773 2332 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/23 21:38:00.0384 2332 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/23 21:38:01.0275 2332 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/23 21:38:01.0806 2332 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/23 21:38:02.0317 2332 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/23 21:38:03.0278 2332 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/23 21:38:03.0578 2332 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/23 21:38:03.0809 2332 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/23 21:38:04.0159 2332 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/23 21:38:04.0800 2332 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
2011/07/23 21:38:05.0561 2332 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2011/07/23 21:38:07.0214 2332 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/07/23 21:38:08.0505 2332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/23 21:38:09.0247 2332 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/23 21:38:10.0178 2332 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/23 21:38:10.0799 2332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/23 21:38:11.0680 2332 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/23 21:38:13.0473 2332 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/23 21:38:14.0204 2332 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/23 21:38:15.0375 2332 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/23 21:38:15.0916 2332 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/23 21:38:16.0637 2332 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/23 21:38:17.0068 2332 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/23 21:38:17.0789 2332 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/23 21:38:18.0470 2332 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/23 21:38:19.0111 2332 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/23 21:38:19.0641 2332 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/23 21:38:20.0142 2332 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/23 21:38:20.0753 2332 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/23 21:38:21.0484 2332 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/23 21:38:22.0375 2332 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/23 21:38:23.0056 2332 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/23 21:38:23.0397 2332 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/23 21:38:23.0557 2332 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/23 21:38:23.0717 2332 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/23 21:38:23.0978 2332 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/23 21:38:24.0178 2332 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/23 21:38:24.0358 2332 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/23 21:38:24.0529 2332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/23 21:38:24.0679 2332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/23 21:38:24.0879 2332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/23 21:38:25.0580 2332 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/23 21:38:26.0261 2332 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/23 21:38:27.0022 2332 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/23 21:38:27.0262 2332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/23 21:38:27.0433 2332 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/23 21:38:27.0703 2332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/23 21:38:27.0863 2332 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/23 21:38:28.0064 2332 PCTINDIS5 (a12bcc5d39c14a2d08df68ebb00aea0d) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/07/23 21:38:29.0075 2332 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys
2011/07/23 21:38:29.0245 2332 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/23 21:38:29.0426 2332 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/23 21:38:29.0616 2332 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/23 21:38:29.0786 2332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/23 21:38:30.0026 2332 PxHelp20 (faa729e2e2fd3afb8df7a45de8769cc3) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/07/23 21:38:30.0717 2332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/23 21:38:30.0878 2332 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/23 21:38:31.0078 2332 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/23 21:38:31.0258 2332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/23 21:38:31.0438 2332 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/23 21:38:31.0639 2332 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/23 21:38:31.0889 2332 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/23 21:38:32.0109 2332 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/23 21:38:32.0360 2332 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2011/07/23 21:38:32.0580 2332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/23 21:38:32.0770 2332 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/23 21:38:32.0991 2332 SEWModem (780c6319d1de60aa816e752261798500) C:\WINDOWS\system32\DRIVERS\GC75.sys
2011/07/23 21:38:33.0271 2332 SEWWNIC (fd607ddfe8c4992cac8a9be0ac60037f) C:\WINDOWS\system32\DRIVERS\GC75Net.sys
2011/07/23 21:38:33.0411 2332 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/23 21:38:33.0742 2332 sisagp (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/07/23 21:38:33.0962 2332 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/23 21:38:34.0192 2332 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/07/23 21:38:34.0503 2332 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/23 21:38:34.0683 2332 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/23 21:38:34.0873 2332 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/23 21:38:35.0154 2332 STAC97 (cebf089c55301138584d228893798732) C:\WINDOWS\system32\drivers\STAC97.sys
2011/07/23 21:38:35.0334 2332 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/23 21:38:35.0494 2332 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/23 21:38:35.0665 2332 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/23 21:38:36.0526 2332 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/23 21:38:37.0107 2332 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/23 21:38:37.0287 2332 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/23 21:38:37.0437 2332 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/23 21:38:37.0597 2332 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/23 21:38:37.0888 2332 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/23 21:38:38.0298 2332 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/23 21:38:38.0539 2332 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/23 21:38:38.0849 2332 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/23 21:38:39.0059 2332 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/23 21:38:39.0270 2332 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/23 21:38:39.0430 2332 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/23 21:38:39.0630 2332 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/23 21:38:39.0821 2332 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/23 21:38:40.0061 2332 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/23 21:38:40.0271 2332 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/23 21:38:40.0441 2332 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/23 21:38:40.0702 2332 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
2011/07/23 21:38:40.0872 2332 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/23 21:38:40.0882 2332 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/23 21:38:40.0912 2332 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/23 21:38:41.0142 2332 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/23 21:38:41.0413 2332 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/23 21:38:41.0783 2332 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/07/23 21:38:42.0014 2332 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/23 21:38:42.0524 2332 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/23 21:38:42.0665 2332 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/23 21:38:42.0795 2332 Boot (0x1200) (f5f78f24a8f8d169bc6141cdcc62f893) \Device\Harddisk0\DR0\Partition0
2011/07/23 21:38:42.0845 2332 Boot (0x1200) (7806f9c709b48e35fcef1f782532e747) \Device\Harddisk0\DR0\Partition1
2011/07/23 21:38:42.0865 2332 ================================================================================
2011/07/23 21:38:42.0865 2332 Scan finished
2011/07/23 21:38:42.0865 2332 ================================================================================
2011/07/23 21:38:42.0895 0344 Detected object count: 1
2011/07/23 21:38:42.0895 0344 Actual detected object count: 1
2011/07/23 21:38:59.0679 0344 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/23 21:38:59.0679 0344 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/23 21:39:05.0748 0344 Backup copy found, using it..
2011/07/23 21:39:06.0048 0344 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/23 21:39:06.0048 0344 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/23 21:39:59.0135 1380 Deinitialize success

#8 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 July 2011 - 09:30 AM

Hi!

It looks like TDSSKiller found the main culprit.

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

The main infection that you were infected with is called TDL3.

See the snippet of text below:

Quote

2011/07/23 21:38:42.0895 0344 Detected object count: 1
2011/07/23 21:38:42.0895 0344 Actual detected object count: 1
2011/07/23 21:38:59.0679 0344 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/23 21:38:59.0679 0344 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: e33edbb864a22f7474d2b297e44ee0b6, Fake md5: ee4660083deba849ff6c485d944b379b
2011/07/23 21:39:05.0748 0344 Backup copy found, using it..
2011/07/23 21:39:06.0048 0344 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/23 21:39:06.0048 0344 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/23 21:39:59.0135 1380 Deinitialize success

You can read more about this infection here:

Special thanks to quietman7 for providing the above links.

NEXT:

When you ran the OTL fix, did you have a Firefox window open? If so, please attempt to re-run it with Firefox closed.

If not, run this OTL Fix instead:

OTL Fix

We need to run an OTL Fix

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CE12596-5B96-4029-8082-FB85447D9B61} - No CLSID value found.
O2 - BHO: (no name) - {75F02544-2A24-4917-AD66-5649481F15F4} - No CLSID value found.
O2 - BHO: (no name) - {E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6} - No CLSID value found.
O2 - BHO: (no name) - {F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19} - No CLSID value found.
O2 - BHO: (no name) - SOFTWARE - No CLSID value found.
O3 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\..\Toolbar\WebBrowser: (no name) - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Pristine RTR Client http://chat.pristine.com/rtr/PristineRTR.CAB (Reg Error: Key error.)
O16 - DPF: Sametime JNI Loader ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STJNILoader.cab (Reg Error: Key error.)
O16 - DPF: Sametime Meeting Toolkit ST30SP1 http://chat.pristine.com/RTR/Packages/Sametime/3.0/STMeeting.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://origin.games.yahoo.net/games/clients/y/dot9_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download2.games.yahoo.com/games/clients/y/ht1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://download2.games.yahoo.com/games/clients/y/ut2_x.cab (Reg Error: Key error.)
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell - "" = AutoRun
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O37 - HKU\S-1-5-21-1765183899-2242799495-3402959499-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/06/14 17:19:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788r
[2011/06/14 17:19:31 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~21290788
[2011/06/14 17:19:27 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\21290788
[2004/12/26 17:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dukswiic.exe
[2004/11/06 00:58:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ajol.exe
[2004/11/06 00:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\uphnpk.exe
[2004/11/03 23:58:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cscrucu.exe
[2004/11/03 23:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ruxw.exe
[2004/11/01 03:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aclsto.exe
[2004/11/01 03:34:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lhqemxy.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cerykbkt.exe
[2004/11/01 03:13:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bwtq.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\jqxkmzx.exe
[2004/10/24 20:54:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\gqrklil.exe
[2004/10/23 16:02:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vravrnt.exe
[2004/10/20 21:53:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sybhfq.exe
[2004/09/01 00:07:28 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EDJJJIGK.ini
[2004/08/09 22:56:11 | 000,005,460 | ---- | C] () -- C:\WINDOWS\kwv2.dat
@Alternate Data Stream - 302 bytes -> C:\WINDOWS\702:C=ev.ini

:Reg

:Files
type "C:\ComboFix.txt" /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[EMPTYFLASH]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

#9 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 24 July 2011 - 01:18 PM

Thank you for the extra resources and information. I ran the second fix since the first one didn't work even when all of my internet browser windows were closed. Here is the report from that. I would like to try to clean this computer.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CE12596-5B96-4029-8082-FB85447D9B61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CE12596-5B96-4029-8082-FB85447D9B61}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75F02544-2A24-4917-AD66-5649481F15F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75F02544-2A24-4917-AD66-5649481F15F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8E531CE-2BCE-4A8B-88F1-2A17E9911AF6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9AA5CA0-D3DF-4D02-965C-D202FEAE2D19}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\SOFTWARE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1765183899-2242799495-3402959499-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control Pristine RTR Client
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Pristine RTR Client\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Pristine RTR Client\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Pristine RTR Client\ not found.
Starting removal of ActiveX control Sametime JNI Loader ST30SP1
C:\WINDOWS\Downloaded Program Files\STJNILoader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Sametime JNI Loader ST30SP1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Sametime JNI Loader ST30SP1\ not found.
Starting removal of ActiveX control Sametime Meeting Toolkit ST30SP1
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Sametime Meeting Toolkit ST30SP1\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Sametime Meeting Toolkit ST30SP1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Sametime Meeting Toolkit ST30SP1\ not found.
Starting removal of ActiveX control Yahoo! Dominoes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Dominoes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Dominoes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Yahoo! Dominoes\ not found.
Starting removal of ActiveX control Yahoo! Hearts
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Hearts\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Hearts\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Yahoo! Hearts\ not found.
Starting removal of ActiveX control Yahoo! Pinochle
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Pinochle\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Yahoo! Pinochle\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Yahoo! Pinochle\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1bd2920-5d28-11de-a532-00e000eb3df2}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_USERS\S-1-5-21-1765183899-2242799495-3402959499-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1765183899-2242799495-3402959499-1003_Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\~21290788r moved successfully.
C:\Documents and Settings\All Users\Application Data\~21290788 moved successfully.
C:\Documents and Settings\All Users\Application Data\21290788 moved successfully.
C:\WINDOWS\system32\dukswiic.exe moved successfully.
C:\WINDOWS\system32\ajol.exe moved successfully.
C:\WINDOWS\system32\uphnpk.exe moved successfully.
C:\WINDOWS\system32\cscrucu.exe moved successfully.
C:\WINDOWS\system32\ruxw.exe moved successfully.
C:\WINDOWS\system32\aclsto.exe moved successfully.
C:\WINDOWS\system32\lhqemxy.exe moved successfully.
C:\WINDOWS\system32\cerykbkt.exe moved successfully.
C:\WINDOWS\system32\bwtq.exe moved successfully.
C:\WINDOWS\system32\jqxkmzx.exe moved successfully.
C:\WINDOWS\system32\gqrklil.exe moved successfully.
C:\WINDOWS\system32\vravrnt.exe moved successfully.
C:\WINDOWS\system32\sybhfq.exe moved successfully.
C:\WINDOWS\EDJJJIGK.ini moved successfully.
C:\WINDOWS\kwv2.dat moved successfully.
ADS C:\WINDOWS\702:C=ev.ini deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 1978878 bytes

Total Flash Files Cleaned = 2.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07242011_140538

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#10 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 24 July 2011 - 06:55 PM

Hi!

Okay, that's no problem!

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#11 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 24 July 2011 - 08:39 PM

I tried running combofix from my desktop. It froze after it installed the Microsoft Windows Recovery Console. Now my computer has the Microsoft Windows Recovery Console on it. My computer is running a lot better and a lot faster now. Google and Yahoo no longer redirects when I do a search. The problem appears to be gone. I realize though that there might still be a little more to clean up, so I look forward to your reply. Thanks a lot!! It's taken a long time and a lot of aggravation, so I appreciate your help!

#12 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 25 July 2011 - 09:42 AM

Hi!

Can you please try to run ComboFix in Safe mode, and see if it will run for you there?

#13 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 25 July 2011 - 11:49 AM

I tried running the program in safe mode and the same thing happened. It ran for about 2 or 3 mins and than it froze. I let it continue running for about 30 mins to make sure it was actually frozen and not just working itself out.

#14 SweetTech

Agent ST

Group: Malware Response Team
Posts: 12,662
Joined: 15-March 09
Gender:Male
Location:Antarctica

Posted 25 July 2011 - 06:13 PM

Hi!

Lets skip the ComboFix instructions for now, and try running these scans.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
Select Perform quick scan, then click on Scan
Leave the default options as it is and click on Start Scan
When done, you will be prompted. Click OK, then click on Show Results
Checked (ticked) all items and click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT:

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
- Enable Anti-Stealth technology
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

NEXT:

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#15 shawnhenson

Member

Group: Members
Posts: 15
Joined: 10-July 11

Posted 26 July 2011 - 07:22 PM

Here's the report from Malwarebytes. The Eset scan found 0 threats and so did not produce a report at the end.

alwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7286

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7/26/2011 5:19:37 PM
mbam-log-2011-07-26 (17-19-36).txt

Scan type: Quick scan
Objects scanned: 157294
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here's the security scan report

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
eTrust EZ Armor
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java Web Start
Java™ 6 Update 26
Flash Player Out of Date!
Adobe Flash Player 10.0.32.18
Mozilla Firefox (2.0.0) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````