
HiJack this log


  • This topic is locked
13 replies to this topic

#1 earnest5

earnest5

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 18 February 2010 - 03:55 PM

Hi, I have a problem. Every time I do a web search I get sent to a different page.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:08 PM, on 2/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\dj\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - *{5aa14397-d310-447d-8548-2dd90218a07d} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Universal Installer] "C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL,C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12209 bytes




 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:37 PM

Posted 19 February 2010 - 05:48 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



=============



The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for the following boxes. Please uncheck these boxes.
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 earnest5

earnest5
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 19 February 2010 - 09:28 PM

OTL logfile created on: 2/19/2010 7:54:23 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\dj\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 49.92 Gb Free Space | 35.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.19 Gb Free Space | 61.95% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-PC
Current User Name: dj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/19 19:08:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\dj\Downloads\OTL.exe
PRC - [2010/02/18 15:23:24 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/18 15:23:24 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/18 15:08:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/07 09:04:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/31 09:58:35 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 08:54:21 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/12 08:54:20 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/07 09:57:12 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/07 09:57:10 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/28 19:32:46 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/28 19:32:42 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/18 12:36:53 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/28 21:16:16 | 009,347,072 | ---- | M] () -- C:\Program Files\MySpace\IM\MySpaceIM.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/15 18:40:14 | 000,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/02/04 16:57:42 | 004,363,504 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/08 23:02:08 | 000,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/08 23:02:00 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/08 07:02:59 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/09/05 22:26:28 | 000,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/02/11 20:13:10 | 000,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/02/11 20:13:08 | 000,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/02/11 20:13:02 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/19 02:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/02 20:12:50 | 000,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/10/19 20:46:08 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/08/31 12:01:22 | 001,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/08/31 11:58:52 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/07/04 03:25:16 | 000,947,544 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
PRC - [2007/04/19 11:33:54 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/04/04 01:01:42 | 000,774,144 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2003/02/25 00:52:00 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXBCES.EXE
PRC - [2003/02/25 00:50:00 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/19 19:08:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\dj\Downloads\OTL.exe
MOD - [2009/11/28 19:33:45 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2010/02/18 15:23:24 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/10 18:48:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/28 19:32:46 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/28 19:32:42 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/18 12:36:53 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/08 23:02:00 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/05 22:26:28 | 000,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/11/06 21:16:54 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/04/13 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/08/04 19:39:20 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/25 00:52:00 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\Windows\System32\LEXBCES.EXE -- (LexBceS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\URLSearchHook: *{5aa14397-d310-447d-8548-2dd90218a07d} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\S-1-5-21-2130474847-2308447009-2560494822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\S-1-5-21-2130474847-2308447009-2560494822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.netassistant.keyword.enabled: false
FF - prefs.js..extensions.netassistant.keyword.original: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..keyword.URL: "http://click.w3i.com/?Programid=167&Elementname=Keyword&Applicationid=00000000-0000-0000-0000-000000000000&Version=3.6.2&searchterm="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 08:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/17 20:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 5\components [2010/02/10 10:26:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 5\plugins [2010/02/10 10:26:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 13:20:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 13:20:49 | 000,000,000 | ---D | M]

[2009/03/06 01:25:44 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Mozilla\Extensions
[2009/03/06 01:25:44 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/19 13:42:17 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\extensions
[2009/09/30 11:39:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/09/30 11:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/02/27 01:15:28 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\extensions\morningCoffee@shaneliesegang
[2010/01/13 22:08:21 | 000,002,186 | ---- | M] () -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\searchplugins\bing.xml
[2009/09/28 20:46:40 | 000,002,160 | ---- | M] () -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\searchplugins\MySpace.xml
[2010/01/24 00:09:01 | 000,009,977 | ---- | M] () -- C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Profiles\a546oe5c.default\searchplugins\mywebsearch.xml
[2010/02/18 13:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/02/17 23:39:10 | 000,001,244 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [Universal Installer] C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\dj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2130474847-2308447009-2560494822-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\dj\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 17:22:16 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{190d4418-ee8b-11dc-9323-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{190d4418-ee8b-11dc-9323-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/29 21:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/07 16:59:31 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/18 16:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/18 16:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/18 15:53:06 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\dj\Desktop\HijackThis.exe
[2010/02/18 15:23:46 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/02/18 15:23:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/18 15:21:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/18 15:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/02/18 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/18 14:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/17 21:22:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/16 22:38:38 | 000,000,000 | ---D | C] -- C:\Users\dj\AppData\Roaming\DVD Profiler
[2010/02/16 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\dj\Documents\DVD Profiler
[2010/02/16 22:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Profiler
[2010/02/16 15:19:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\New Folder
[2010/02/16 15:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/02/16 02:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/02/16 02:59:06 | 000,000,000 | ---D | C] -- C:\Users\dj\AppData\Roaming\SUPERAntiSpyware.com
[2010/02/16 02:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/16 02:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/15 18:10:37 | 000,000,000 | ---D | C] -- C:\Users\dj\Documents\a-squared Free
[2010/02/15 18:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/02/15 17:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2010/02/15 16:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010/02/15 08:05:17 | 000,000,000 | ---D | C] -- C:\Advanced Defender
[2010/02/14 18:51:58 | 003,043,328 | ---- | C] (Atomix Productions) -- C:\Users\dj\Desktop\virtualdj_trial.exe
[2010/02/14 18:48:11 | 000,000,000 | ---D | C] -- C:\Users\dj\Documents\VirtualDJ
[2010/02/14 18:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/02/10 19:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/02/10 18:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/02/10 18:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/10 18:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/02/10 01:49:21 | 000,000,000 | ---D | C] -- C:\Users\dj\AppData\Roaming\Big Fish Games
[2010/02/09 20:02:56 | 000,000,000 | ---D | C] -- C:\Users\dj\Documents\Movie Collector
[2010/02/06 16:45:47 | 000,000,000 | ---D | C] -- C:\Users\dj\AppData\Roaming\vlc
[2010/02/06 16:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Readon
[2010/02/06 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\dj\AppData\Local\Readon_Technology
[2010/02/06 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\dj\Documents\Readon Player
[2010/02/06 16:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Readon Technology

========== Files - Modified Within 14 Days ==========

[2010/02/19 20:00:03 | 004,980,736 | -HS- | M] () -- C:\Users\dj\ntuser.dat
[2010/02/19 19:47:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/19 19:47:29 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/19 19:47:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/19 19:47:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/19 17:05:28 | 055,938,014 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/19 14:25:49 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/19 14:25:49 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/19 14:25:49 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/19 14:24:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/18 18:03:17 | 000,524,288 | -HS- | M] () -- C:\Users\dj\ntuser.dat{ef2ec724-e603-11de-8379-001d098d3040}.TMContainer00000000000000000001.regtrans-ms
[2010/02/18 18:03:17 | 000,065,536 | -HS- | M] () -- C:\Users\dj\ntuser.dat{ef2ec724-e603-11de-8379-001d098d3040}.TM.blf
[2010/02/18 18:03:13 | 002,914,154 | -H-- | M] () -- C:\Users\dj\AppData\Local\IconCache.db
[2010/02/18 16:53:27 | 000,001,057 | ---- | M] () -- C:\Users\dj\Desktop\Spybot - Search & Destroy.lnk
[2010/02/18 15:53:08 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\dj\Desktop\HijackThis.exe
[2010/02/18 15:23:35 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/18 15:23:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/02/18 15:21:48 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/18 14:50:29 | 002,221,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/18 13:20:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/17 23:39:10 | 000,001,244 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/02/17 17:41:01 | 006,335,797 | ---- | M] () -- C:\Users\Public\Documents\new ecw champion.psd
[2010/02/17 17:36:23 | 032,967,302 | ---- | M] () -- C:\Users\dj\Documents\video.mp4
[2010/02/16 22:37:41 | 000,000,908 | ---- | M] () -- C:\Users\dj\Desktop\DVD Profiler.lnk
[2010/02/16 17:26:22 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for dj.job
[2010/02/16 15:16:47 | 000,209,408 | ---- | M] () -- C:\Users\dj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 15:09:12 | 005,344,306 | ---- | M] () -- C:\Users\dj\Documents\YouTube- Mickie James-Are You With Me.mp4
[2010/02/16 15:06:37 | 000,000,921 | ---- | M] () -- C:\Users\dj\Desktop\YouTube Downloader.lnk
[2010/02/16 02:59:08 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/15 18:10:55 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010/02/15 11:14:47 | 000,073,816 | ---- | M] () -- C:\Users\dj\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/15 08:05:17 | 000,000,679 | ---- | M] () -- C:\Advanced Defender.lnk
[2010/02/15 08:05:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\winscent.exe
[2010/02/14 19:47:00 | 000,114,102 | ---- | M] () -- C:\Users\dj\Documents\a.mp3
[2010/02/10 19:02:33 | 000,001,004 | ---- | M] () -- C:\Users\dj\Desktop\Adobe Photoshop CS4.lnk
[2010/02/10 18:36:00 | 000,005,216 | ---- | M] () -- C:\Users\dj\AppData\Local\d3d9caps.dat
[2010/02/10 10:28:15 | 000,000,855 | ---- | M] () -- C:\Users\dj\Desktop\MCF6.exe - Shortcut.lnk
[2010/02/10 01:25:52 | 000,061,365 | ---- | M] () -- C:\Users\dj\Desktop\hey copy.jpg
[2010/02/09 20:29:37 | 000,014,670 | ---- | M] () -- C:\Users\dj\AppData\Roaming\wklnhst.dat
[2010/02/07 18:43:21 | 000,000,175 | ---- | M] () -- C:\Users\dj\AppData\Roaming\default.rss
[2010/02/07 18:13:54 | 002,143,017 | ---- | M] () -- C:\Users\dj\Desktop\fearless.mp3
[2010/02/07 18:04:11 | 003,333,135 | ---- | M] () -- C:\Users\dj\Desktop\rockstar.mp3
[2010/02/06 17:52:05 | 000,002,683 | ---- | M] () -- C:\Users\Public\Desktop\Readon TV Movie Radio Player.lnk
[2010/02/06 14:01:42 | 000,001,046 | ---- | M] () -- C:\Users\dj\Desktop\GameCollector.exe - Shortcut.lnk

========== Files Created - No Company Name ==========

[2010/02/18 16:53:27 | 000,001,057 | ---- | C] () -- C:\Users\dj\Desktop\Spybot - Search & Destroy.lnk
[2010/02/18 15:42:46 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/02/18 15:21:48 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/18 13:20:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/17 17:41:01 | 006,335,797 | ---- | C] () -- C:\Users\Public\Documents\new ecw champion.psd
[2010/02/17 17:36:23 | 032,967,302 | ---- | C] () -- C:\Users\dj\Documents\video.mp4
[2010/02/16 22:37:41 | 000,000,908 | ---- | C] () -- C:\Users\dj\Desktop\DVD Profiler.lnk
[2010/02/16 15:09:12 | 005,344,306 | ---- | C] () -- C:\Users\dj\Documents\YouTube- Mickie James-Are You With Me.mp4
[2010/02/16 15:06:37 | 000,000,921 | ---- | C] () -- C:\Users\dj\Desktop\YouTube Downloader.lnk
[2010/02/16 02:59:08 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/15 18:10:55 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
[2010/02/15 08:05:17 | 000,000,679 | ---- | C] () -- C:\Advanced Defender.lnk
[2010/02/15 08:05:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\winscent.exe
[2010/02/14 19:46:55 | 000,114,102 | ---- | C] () -- C:\Users\dj\Documents\a.mp3
[2010/02/10 19:02:33 | 000,001,004 | ---- | C] () -- C:\Users\dj\Desktop\Adobe Photoshop CS4.lnk
[2010/02/10 10:28:15 | 000,000,855 | ---- | C] () -- C:\Users\dj\Desktop\MCF6.exe - Shortcut.lnk
[2010/02/10 01:25:50 | 000,061,365 | ---- | C] () -- C:\Users\dj\Desktop\hey copy.jpg
[2010/02/07 18:12:52 | 002,143,017 | ---- | C] () -- C:\Users\dj\Desktop\fearless.mp3
[2010/02/07 18:03:06 | 003,333,135 | ---- | C] () -- C:\Users\dj\Desktop\rockstar.mp3
[2010/02/06 16:35:41 | 000,002,683 | ---- | C] () -- C:\Users\Public\Desktop\Readon TV Movie Radio Player.lnk
[2010/02/06 14:01:42 | 000,001,046 | ---- | C] () -- C:\Users\dj\Desktop\GameCollector.exe - Shortcut.lnk
[2009/07/06 14:08:32 | 000,000,000 | ---- | C] () -- C:\Users\dj\AppData\Roaming\downloads.m3u
[2009/04/26 06:59:12 | 000,000,013 | -H-- | C] () -- C:\ProgramData\113.sys
[2009/04/20 10:16:45 | 000,000,277 | ---- | C] () -- C:\Users\dj\AppData\Local\RAExpertHistory.xml
[2009/04/20 10:14:58 | 000,000,381 | ---- | C] () -- C:\Users\dj\AppData\Local\rahistory.xml
[2009/03/18 17:13:37 | 000,081,110 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/02/04 00:10:03 | 000,000,795 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/12/15 20:45:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/10/16 07:27:22 | 000,000,175 | ---- | C] () -- C:\Users\dj\AppData\Roaming\default.rss
[2008/10/13 07:28:55 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/09/23 23:31:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2008/09/08 07:04:14 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/07 16:24:25 | 000,000,004 | ---- | C] () -- C:\Users\dj\AppData\Roaming\C9B7BD
[2008/07/07 16:24:24 | 000,870,128 | ---- | C] () -- C:\Users\dj\AppData\Roaming\mcs.rma
[2008/06/17 22:59:17 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2008/05/21 17:03:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\VZWDLManager.dll
[2008/03/15 20:55:30 | 000,014,670 | ---- | C] () -- C:\Users\dj\AppData\Roaming\wklnhst.dat
[2008/03/15 13:44:10 | 000,005,216 | ---- | C] () -- C:\Users\dj\AppData\Local\d3d9caps.dat
[2008/03/14 21:14:21 | 000,000,280 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/03/14 16:25:10 | 000,209,408 | ---- | C] () -- C:\Users\dj\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/10 13:14:19 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/10 13:14:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/03/10 13:14:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/03/10 13:14:17 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/02/10 01:49:21 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Big Fish Games
[2008/11/28 13:41:56 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Canon
[2010/02/19 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\DVD Profiler
[2008/11/30 14:20:12 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\GameInvest
[2008/06/14 21:41:57 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Home Sweet Home
[2008/04/30 17:50:27 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\ICAClient
[2008/12/21 01:23:31 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\iWinArcade
[2010/02/14 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\LimeWire
[2008/05/27 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Lionhead Studios
[2008/11/11 18:03:39 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Ludia
[2008/11/30 23:08:50 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Memeo
[2009/01/15 22:08:49 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\MysteryStudio
[2008/11/19 02:30:41 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\PlayFirst
[2009/08/02 22:50:58 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Smith Micro
[2008/09/19 00:19:36 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\SpinTop
[2009/12/01 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\SystemRequirementsLab
[2008/05/10 12:01:50 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Teleca
[2008/03/15 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Template
[2009/04/26 07:52:24 | 000,000,000 | ---D | M] -- C:\Users\dj\AppData\Roaming\Virtual Mechanics
[2010/02/18 18:03:47 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/03/10 12:59:55 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/03/10 12:59:55 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/03/10 12:59:55 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/03/10 12:59:55 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/10 13:00:18 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/03/10 13:13:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/03/10 13:13:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/03/10 13:13:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/03/10 13:13:49 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/03/10 12:59:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/03/10 12:59:52 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/03/10 13:00:18 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/03/10 13:00:18 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/03/14 16:35:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/14 16:35:02 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/14 16:35:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/03/14 16:35:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/04/26 05:41:38 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 02:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 02:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:7E499B52
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:89C2A42C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C8E29393
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:D99A9131
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B7E8561
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:695CE4C3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:271512BB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:88D32024
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D83224FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:BCFDAB5F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:B9AA1D6D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9BF08751
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:85DA68FC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A73EAFFB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5B85C37B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0745BF73
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:64217CD0
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:E54FA796
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:78CC8F21
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4F3BEF81
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4862644E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:FACB65E7
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CF6CEB7B
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:D09AEE3D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:15DE523E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:52DBE86F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D3EEA250
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:ED810E46
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:37994DBE
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2D61FFEE
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:E4712EE9
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:A73B0434
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:700CD00E
< End of report >


OTL Extras logfile created on: 2/19/2010 7:54:23 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\dj\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 49.92 Gb Free Space | 35.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.19 Gb Free Space | 61.95% Space Free | Partition Type: NTFS
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJ-PC
Current User Name: dj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2130474847-2308447009-2560494822-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0524C813-53AD-4028-B0B3-556D7B28A0C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{079B8748-BF59-4D52-A41A-46398010825B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A24AF0A-A8E1-47CB-9AB3-7445112C2308}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1EB2B61F-E803-4BF4-BD24-1DC8B65CB508}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2DC42900-4123-46F5-B971-4A0BEECB90AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3516FD40-17B9-4939-A583-28D7A7D1C594}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{46394F27-88FE-4478-8D37-400C5CA769B9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{577687E9-4EDC-4674-8501-C01DC1FC4168}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{734E9EBA-0890-4C3E-8AB5-96CF5FB43CC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D018992-3656-45D2-AB99-CF0FE5DC983E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{8A158D02-0F74-4AC2-8284-E9AC2E8FFA3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{952D41EB-137B-4144-B0C3-652B72994456}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC757934-DD4C-4B45-A41E-6CE46746511D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D66CA667-F680-4079-8FD0-F9AFCC0B7EF4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E0C455EE-FF64-4E9C-9A65-772FDC2E92FC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E657DECF-CB5A-4336-807E-DB2B16DE1094}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A1B734-B138-487E-BD4F-7EA0F8353075}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{0B230DC3-A9E3-41A2-9222-87FE1C8D6BE7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0D0A126A-E25A-4D35-9398-D3C9AD618304}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14A6A591-D32D-4CFF-B749-F235BFE48AB6}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{14D69281-8F46-419F-B32C-C7045CE6285E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D8BEB0E-21A5-49F7-9B95-616AD5520C5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{215FAC9C-D152-44FB-A65C-897C3C9FE8A0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{3919F594-3AA3-4157-A3B7-D755F9F43DA7}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{5124B661-278F-4ECD-ADFB-3B002D213EE4}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{52A66F3F-10B1-4017-AC18-B550A82AA314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{545A5853-73FE-4D63-8249-76D696802AAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E4363C1-3AB5-4AAE-9D6B-5DFC003DC354}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5FC33D46-D2D9-4A85-8525-290DF511FA90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7074311C-298F-4AEE-8EF3-A15B84F254C1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{708336C7-5452-4FA0-9409-FEFFF4DD691A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72D8C54A-4AC4-4FBD-AE0F-C83F918C1BA9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{73568AA5-0D98-4183-AA2F-F868E1961472}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7BE09774-8461-42D7-90FC-7B8F5DB452FF}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8A0D8287-D40B-4618-9224-138BF0044146}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8AC25B88-3A59-482B-BEC6-7DEB6D6144FC}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{91C3D791-994C-4A17-BB6C-2729F71CEEBE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{97376DCE-D0E1-4239-B4C9-E1EDD9860132}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{9AC727AA-2AE3-430B-87CD-99B942A13263}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C6B24DF-A9D6-4525-97CF-7EFF22287E82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A11F6117-D72E-46DD-8B1F-57148D2D5B26}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{A44CBAA5-52F3-41DC-9016-8BB54A0A0F3D}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B2DF1DA6-8EC5-4BBE-A0CF-EFAD67F32D68}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C32277C2-9ECB-4767-AA87-229F1FDCA7F2}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{C71338BD-2440-4638-85A8-B7E3C5C1F9B4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C9DBE279-D118-4302-ACB8-B4C2FF8AE6D2}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{C9EB23AD-3BC0-49EF-9433-3E1081EDB3B0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D13DC995-C561-4053-A97C-B454BF1BABA3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D5BDB5AB-B651-4A66-84E4-EE49B3753D0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6FFA961-195B-4F3A-9B85-52E717E68CCE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{EB15340B-1CEB-4491-AA2A-D795A1EA2DAE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EE4A3315-AFE4-4E45-921E-678A6A6A53D0}" = protocol=6 | dir=out | app=system |
"{F1E8E8F2-8743-4D1D-B2EE-5CCD387665AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5CE9AE2-3A7B-4AED-8F2A-204A14781714}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{FB995CAB-A6B6-47EB-9D89-52A08980913C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00705C61-F5C0-4761-B8F9-B80CBD3BCA8C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{0E6806B8-2880-4DA9-AED3-D16EB0B46DD6}C:\program files\myspace\im\myspaceim.exe" = protocol=6 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"TCP Query User{4E836740-C2D8-49FF-B77E-C99810B5B399}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{85646D33-118C-4395-A0F9-BD1532C0F4AA}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{B7B4C6CD-0BFD-446D-A258-CBDD406A8CED}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C7466C38-6F47-4A65-B54A-382B381EA072}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D218FC80-F608-4C95-B16F-D19667478A70}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{D5CA4CFC-7230-4B20-96ED-536BF55EA642}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DA37E1F8-C910-4D5A-88FA-14B932F5A327}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{E350758F-F8C0-4413-89BB-64A731206E31}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{F516A620-48ED-41DA-A797-830684823AA6}C:\program files\readon technology\readon tv movie radio player 6.0.0.0\internettv.exe" = protocol=6 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 6.0.0.0\internettv.exe |
"UDP Query User{02A7F788-E5E5-47B3-9A99-A1127F25B3AC}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{1D61187E-6551-4575-A3E9-FB7E75ADE25F}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{2CC29000-D8CD-42C2-A783-38FB1AD4B5F2}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4E585BC9-CBCB-44CC-9338-D6719CFBB220}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{65E612E7-DE76-433A-B083-0044EFE7F3DA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8C7D2E7E-4F8D-4414-8F67-BC327DB343BD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{97655747-EB66-4C75-AD6D-E33DBCA0445E}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{A430ABFC-0A2B-4F5C-B405-01011EC35EB1}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{D3E1B15E-3339-41EB-892B-C7FE92CEB5F1}C:\program files\myspace\im\myspaceim.exe" = protocol=17 | dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"UDP Query User{F0DC2F5B-5673-4294-9BED-19E9D5797B39}C:\program files\readon technology\readon tv movie radio player 6.0.0.0\internettv.exe" = protocol=17 | dir=in | app=c:\program files\readon technology\readon tv movie radio player 6.0.0.0\internettv.exe |
"UDP Query User{F42181D1-1823-4BCF-9231-3C8A5FB77724}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C908A6-8038-4101-909C-575D8B83B57D}" = PS3ThemeCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{291f244b-cc97-480d-bd57-0539fca2fb88}" = Nero 9 Trial
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4f0c3000-98f8-4ff0-bbb4-87f198eed247}" = Nero 9
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52D44F93-8FA9-4945-A817-0E98669CCE03}" = Sony Ericsson PC Suite
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}" = Comcast Universal Installer v1.2
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80757F48-95CA-4DF5-8A07-CE308A665BF2}" = Canon Driver Auto Installation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims 3
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}" = Apple Mobile Device Support
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA621297-7883-4C7B-919D-90CB90D1CFF0}" = Sony Ericsson Drivers
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E723FBDD-0417-4546-8EB9-49A3CD443D3D}" = Readon TV Movie Radio Player 6.0.0.0
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EA418519-2160-43A0-AABD-6608DDD8D87F}" = iTunes
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090805
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"0B9DCE8E-9DC8-40E4-ABB2-D355D4C2FF75_is1" = Sisimizi Game Catalog 1.0.0.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Applian FLV Player2.0.24" = Applian FLV Player
"a-squared Free_is1" = a-squared Free 4.5
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst
"CANONIJPLM100" = PIXMA Extended Survey Program
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Collectorz.com Game Collector" = Collectorz.com Game Collector
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Eye Candy 4000" = Eye Candy 4000
"GIF Animator" = Microsoft GIF Animator
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.5.1
"legacyqcam_11.10" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire 5.1.1
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MySpaceIM" = MySpaceIM
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Smart-Shopper" = SmartShopper
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SUPER " = SUPER Version 2008.bld.33 (Sep 2, 2008)
"SystemRequirementsLab" = System Requirements Lab
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VZAccess Manager" = VZAccess Manager
"WinRAR archiver" = WinRAR archiver
"XP Recovery CD Maker (Trial Version)_is1" = XP Recovery CD Maker (Trial Version)
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >








#4 Buckeye_Sam

    Malware Expert



Posted 20 February 2010 - 11:29 AM

Were you able to run Gmer? If so, please post that log for me also.


We need to run this special tool.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field. (Make sure you include the quote marks.) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • If prompted to reboot, please do so.
  • When it is done, a log file should be created on your desktop called "TDSSKiller.txt". Please copy and paste the contents of that file here.

========================================================
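One way to triage the `TDSSKiller.txt` log that the steps above produce, as an added example that is not part of the original post and not TDSSKiller's own code. The function names `entries` and `triage` are hypothetical, and the sample lines are constructed in the format of the log posted in this thread, abridged to four IRP slots per driver.

```python
import re

# Constructed sample (abridged to four IRP slots per driver) in the
# "HH:MM:SS:mmm <thread> <message>" format of the log posted in this thread.
SAMPLE_LOG = r"""
14:31:42:223 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_CREATE : 807E2B40
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_CLOSE : 807E2BB8
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_READ : 807E2C30
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_WRITE : 807E2C30
14:31:42:302 5740 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:31:42:746 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_CREATE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_CLOSE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_READ : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_WRITE : 8542281A
14:31:42:750 5740 Driver "atapi" Irp handler infected by TDSS rootkit ... 14:31:42:750 5740 KLMD_WriteMem: Trying to WriteMemory 0x85422893[0xD]
14:31:42:750 5740 cured
14:31:42:751 5740 Driver "atapi" StartIo handler infected by TDSS rootkit ... 14:31:42:751 5740 TDL3_StartIoHookCure: Number of patches 1
14:31:42:751 5740 cured
14:31:42:832 5740 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
14:32:08:834 5740 will be cured on next reboot
"""

STAMP = re.compile(r"\d\d:\d\d:\d\d:\d{3} \d+(?: |$)")
DRIVER = re.compile(r"DRIVER_OBJECT name: \S+, Driver Name: (\S+)")
IRP = re.compile(r"DetectCureTDL3: (IRP_MJ_\w+)\s*: ([0-9A-Fa-f]{8})$")
HOOK = re.compile(r'Driver "([^"]+)" (\w+) handler infected by TDSS rootkit')
VERDICT = re.compile(r"TDL3_FileDetect: (.+) - Verdict: (\w+)$")


def entries(text):
    """Yield one message per log entry. A status written without a newline
    leaves the next timestamped entry on the same line, so split on every
    timestamp found in a line, not only the one at its start."""
    for raw in text.splitlines():
        marks = list(STAMP.finditer(raw))
        for i, m in enumerate(marks):
            end = marks[i + 1].start() if i + 1 < len(marks) else len(raw)
            yield raw[m.end():end].strip()


def new_record():
    return {"irp": {}, "hooks": [], "file_verdict": None}


def triage(text):
    """Summarise each driver: dispatch-table spread, hook findings, file verdict."""
    drivers, current, last_hook, reboot = {}, None, None, False
    for msg in entries(text):
        if m := DRIVER.search(msg):
            current = drivers.setdefault(m.group(1), new_record())
        elif (m := IRP.search(msg)) and current is not None:
            current["irp"][m.group(1)] = m.group(2).upper()
        elif m := HOOK.search(msg):
            last_hook = {"kind": m.group(2), "cured": False}
            drivers.setdefault(m.group(1), new_record())["hooks"].append(last_hook)
        elif msg == "cured" and last_hook is not None:
            last_hook["cured"] = True      # in-memory patch only
            last_hook = None
        elif (m := VERDICT.search(msg)) and current is not None:
            current["file_verdict"] = m.group(2)
        elif msg == "will be cured on next reboot":
            reboot = True                  # on-disk fix is still pending

    report = {}
    for name, rec in drivers.items():
        handlers = set(rec["irp"].values())
        # Every major function routed to one address is a lead to follow up,
        # not a verdict; the tool's own hook and file lines decide.
        uniform = len(rec["irp"]) > 1 and len(handlers) == 1
        report[name] = {
            "irp_slots": len(rec["irp"]),
            "distinct_handlers": len(handlers),
            "uniform_dispatch": uniform,
            "hooks": [(h["kind"], h["cured"]) for h in rec["hooks"]],
            "file_verdict": rec["file_verdict"],
            "flagged": uniform or bool(rec["hooks"])
                       or rec["file_verdict"] == "Infected",
        }
    return {"drivers": report, "reboot_pending": reboot}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, info in result["drivers"].items():
        print(name, info)
    print("reboot pending:", result["reboot_pending"])
```

A driver that is flagged while `reboot_pending` is true has only been patched in memory; the on-disk file is replaced at the next boot, so a second scan after the reboot is what confirms the result.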

#5 earnest5

  • Topic Starter


Posted 20 February 2010 - 02:26 PM

Were you able to run Gmer? No, I let it run all night and all it did was lock up my computer.

#6 earnest5

  • Topic Starter


Posted 20 February 2010 - 02:42 PM

14:31:34:060 5740 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
14:31:34:060 5740 ================================================================================
14:31:34:060 5740 SystemInfo:

14:31:34:060 5740 OS Version: 6.0.6001 ServicePack: 1.0
14:31:34:060 5740 Product type: Workstation
14:31:34:061 5740 ComputerName: DJ-PC
14:31:34:061 5740 UserName: dj
14:31:34:061 5740 Windows directory: C:\Windows
14:31:34:061 5740 Processor architecture: Intel x86
14:31:34:061 5740 Number of processors: 2
14:31:34:061 5740 Page size: 0x1000
14:31:34:088 5740 Boot type: Normal boot
14:31:34:088 5740 ================================================================================
14:31:34:092 5740 ForceUnloadDriverW: Old driver(klmd21) unloaded successfully
14:31:34:593 5740 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:31:34:741 5740 UtilityInit: KLMD drop and load success
14:31:34:741 5740 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
14:31:34:741 5740 UtilityInit: KLMD open success
14:31:34:741 5740 UtilityInit: Initialize success
14:31:34:741 5740
14:31:34:741 5740 Scanning Services ...
14:31:34:741 5740 CreateRegParser: Registry parser init started
14:31:34:741 5740 CreateRegParser: DisableWow64Redirection error
14:31:34:741 5740 wfopen_ex: Trying to open file C:\Windows\system32\config\system
14:31:34:842 5740 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
14:31:34:842 5740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:31:34:842 5740 wfopen_ex: Trying to KLMD file open
14:31:34:842 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
14:31:34:842 5740 wfopen_ex: File opened ok (Flags 2)
14:31:34:897 5740 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 25B1440
14:31:34:897 5740 wfopen_ex: Trying to open file C:\Windows\system32\config\software
14:31:34:917 5740 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
14:31:34:917 5740 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:31:34:917 5740 wfopen_ex: Trying to KLMD file open
14:31:34:917 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
14:31:34:917 5740 wfopen_ex: File opened ok (Flags 2)
14:31:34:917 5740 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 25B1468
14:31:34:917 5740 CreateRegParser: EnableWow64Redirection error
14:31:34:917 5740 CreateRegParser: RegParser init completed
14:31:42:213 5740 GetAdvancedServicesInfo: Raw services enum returned 461 services
14:31:42:221 5740 fclose_ex: Trying to close file C:\Windows\system32\config\system
14:31:42:222 5740 fclose_ex: Trying to close file C:\Windows\system32\config\software
14:31:42:222 5740
14:31:42:222 5740 Scanning Kernel memory ...
14:31:42:223 5740 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:31:42:223 5740 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 855EE0C0
14:31:42:223 5740 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
14:31:42:223 5740
14:31:42:223 5740 DetectCureTDL3: DEVICE_OBJECT: 86DD9AC8
14:31:42:223 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DD9AC8
14:31:42:223 5740 DetectCureTDL3: DEVICE_OBJECT: 86D7D9E0
14:31:42:223 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D7D9E0
14:31:42:223 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D7D9E0[0x38]
14:31:42:223 5740 DetectCureTDL3: DRIVER_OBJECT: 86D74328
14:31:42:223 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D74328[0xA8]
14:31:42:223 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D29B38[0x1E]
14:31:42:223 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_CREATE : 807E2B40
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8262E013
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_CLOSE : 807E2BB8
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_READ : 807E2C30
14:31:42:223 5740 DetectCureTDL3: IRP_MJ_WRITE : 807E2C30
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_QUERY_EA : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SET_EA : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 807E2828
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 807D74AA
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_CLEANUP : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_POWER : 807E0F9A
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 807DE7A2
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8262E013
14:31:42:224 5740 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8262E013
14:31:42:224 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:225 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:225 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:275 5740 KLMD_ReadMem: Trying to ReadMemory 0x807D9A44[0x400]
14:31:42:275 5740 TDL3_StartIoHookDetect: CheckParameters: 4, 807DD000, 0
14:31:42:275 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:276 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:276 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:302 5740 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:31:42:302 5740
14:31:42:302 5740 DetectCureTDL3: DEVICE_OBJECT: 86DDA560
14:31:42:302 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DDA560
14:31:42:302 5740 DetectCureTDL3: DEVICE_OBJECT: 86D7E560
14:31:42:302 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D7E560
14:31:42:302 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D7E560[0x38]
14:31:42:302 5740 DetectCureTDL3: DRIVER_OBJECT: 86D74328
14:31:42:302 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D74328[0xA8]
14:31:42:302 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D29B38[0x1E]
14:31:42:302 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:31:42:302 5740 DetectCureTDL3: IRP_MJ_CREATE : 807E2B40
14:31:42:302 5740 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_CLOSE : 807E2BB8
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_READ : 807E2C30
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_WRITE : 807E2C30
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_QUERY_EA : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SET_EA : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 807E2828
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 807D74AA
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_CLEANUP : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8262E013
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_POWER : 807E0F9A
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 807DE7A2
14:31:42:303 5740 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8262E013
14:31:42:304 5740 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8262E013
14:31:42:304 5740 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8262E013
14:31:42:304 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:304 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:304 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:323 5740 KLMD_ReadMem: Trying to ReadMemory 0x807D9A44[0x400]
14:31:42:324 5740 TDL3_StartIoHookDetect: CheckParameters: 4, 807DD000, 0
14:31:42:324 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:324 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:324 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:367 5740 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:31:42:368 5740
14:31:42:368 5740 DetectCureTDL3: DEVICE_OBJECT: 86DDAAC8
14:31:42:368 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DDAAC8
14:31:42:368 5740 DetectCureTDL3: DEVICE_OBJECT: 86D2A7E0
14:31:42:368 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D2A7E0
14:31:42:368 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D2A7E0[0x38]
14:31:42:368 5740 DetectCureTDL3: DRIVER_OBJECT: 86D74328
14:31:42:368 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D74328[0xA8]
14:31:42:368 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D29B38[0x1E]
14:31:42:368 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_CREATE : 807E2B40
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_CLOSE : 807E2BB8
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_READ : 807E2C30
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_WRITE : 807E2C30
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_QUERY_EA : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_SET_EA : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8262E013
14:31:42:368 5740 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 807E2828
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 807D74AA
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_CLEANUP : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_POWER : 807E0F9A
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 807DE7A2
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8262E013
14:31:42:369 5740 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8262E013
14:31:42:369 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:369 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:369 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:410 5740 KLMD_ReadMem: Trying to ReadMemory 0x807D9A44[0x400]
14:31:42:411 5740 TDL3_StartIoHookDetect: CheckParameters: 4, 807DD000, 0
14:31:42:411 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:411 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:411 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:633 5740 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:31:42:633 5740
14:31:42:633 5740 DetectCureTDL3: DEVICE_OBJECT: 86D90030
14:31:42:633 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86D90030
14:31:42:633 5740 DetectCureTDL3: DEVICE_OBJECT: 86DDDCD0
14:31:42:633 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86DDDCD0
14:31:42:633 5740 KLMD_ReadMem: Trying to ReadMemory 0x86DDDCD0[0x38]
14:31:42:633 5740 DetectCureTDL3: DRIVER_OBJECT: 86D74328
14:31:42:633 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D74328[0xA8]
14:31:42:633 5740 KLMD_ReadMem: Trying to ReadMemory 0x86D29B38[0x1E]
14:31:42:633 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_CREATE : 807E2B40
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8262E013
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_CLOSE : 807E2BB8
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_READ : 807E2C30
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_WRITE : 807E2C30
14:31:42:633 5740 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_QUERY_EA : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SET_EA : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 807E2828
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 807D74AA
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_CLEANUP : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_POWER : 807E0F9A
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 807DE7A2
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8262E013
14:31:42:634 5740 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8262E013
14:31:42:634 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:635 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:635 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:692 5740 KLMD_ReadMem: Trying to ReadMemory 0x807D9A44[0x400]
14:31:42:693 5740 TDL3_StartIoHookDetect: CheckParameters: 4, 807DD000, 0
14:31:42:693 5740 TDL3_FileDetect: Processing driver: USBSTOR
14:31:42:693 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:693 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:31:42:745 5740 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:31:42:745 5740
14:31:42:745 5740 DetectCureTDL3: DEVICE_OBJECT: 8560D620
14:31:42:746 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8560D620
14:31:42:746 5740 DetectCureTDL3: DEVICE_OBJECT: 84A6E9D0
14:31:42:746 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84A6E9D0
14:31:42:746 5740 DetectCureTDL3: DEVICE_OBJECT: 853DFBA0
14:31:42:746 5740 KLMD_GetLowerDeviceObject: Trying to get lower device object for 853DFBA0
14:31:42:746 5740 KLMD_ReadMem: Trying to ReadMemory 0x853DFBA0[0x38]
14:31:42:746 5740 DetectCureTDL3: DRIVER_OBJECT: 86439C90
14:31:42:746 5740 KLMD_ReadMem: Trying to ReadMemory 0x86439C90[0xA8]
14:31:42:746 5740 KLMD_ReadMem: Trying to ReadMemory 0x853E0028[0x38]
14:31:42:746 5740 KLMD_ReadMem: Trying to ReadMemory 0x84644F38[0xA8]
14:31:42:746 5740 KLMD_ReadMem: Trying to ReadMemory 0x84A65368[0x1A]
14:31:42:746 5740 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_CREATE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_CLOSE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_READ : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_WRITE : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_QUERY_EA : 8542281A
14:31:42:746 5740 DetectCureTDL3: IRP_MJ_SET_EA : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_SHUTDOWN : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_CLEANUP : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_SET_SECURITY : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_POWER : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 8542281A
14:31:42:747 5740 DetectCureTDL3: IRP_MJ_SET_QUOTA : 8542281A
14:31:42:747 5740 TDL3_FileDetect: Processing driver: atapi
14:31:42:747 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:31:42:747 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:31:42:750 5740 DetectCureTDL3: All IRP handlers pointed to one addr: 8542281A
14:31:42:750 5740 KLMD_ReadMem: Trying to ReadMemory 0x8542281A[0x400]
14:31:42:750 5740 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
14:31:42:750 5740 Driver "atapi" Irp handler infected by TDSS rootkit ... 14:31:42:750 5740 KLMD_WriteMem: Trying to WriteMemory 0x85422893[0xD]
14:31:42:750 5740 cured
14:31:42:751 5740 KLMD_ReadMem: Trying to ReadMemory 0x854226C5[0x400]
14:31:42:751 5740 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
14:31:42:751 5740 Driver "atapi" StartIo handler infected by TDSS rootkit ... 14:31:42:751 5740 TDL3_StartIoHookCure: Number of patches 1
14:31:42:751 5740 KLMD_WriteMem: Trying to WriteMemory 0x854227CE[0x6]
14:31:42:751 5740 cured
14:31:42:752 5740 TDL3_FileDetect: Processing driver: atapi
14:31:42:753 5740 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:31:42:753 5740 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
14:31:42:832 5740 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
14:31:42:832 5740 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 14:31:42:833 5740 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
14:31:58:653 5740 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys:21560, checking..
14:31:58:780 5740 ValidateDriverFile: Stage 1 passed
14:31:58:782 5740 ValidateDriverFile: Stage 2 passed
14:31:58:900 5740 DigitalSignVerifyByHandle: Embedded DS result: 00000000
14:31:58:900 5740 ValidateDriverFile: Stage 3 passed
14:31:58:900 5740 FileCallback: File validated successfully, restore information prepared
14:32:08:501 5740 FindDriverFileBackup: Backup copy found in DriverStore
14:32:08:501 5740 TDL3_FileCure: Backup copy found, using it..
14:32:08:502 5740 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tskB6EF.tmp
14:32:08:780 5740 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskB6EF.tmp, system32\drivers\atapi.sys)
14:32:08:834 5740 TDL3_FileCure: KLMD jobs schedule success
14:32:08:834 5740 will be cured on next reboot
14:32:08:835 5740 UtilityBootReinit: Reboot required for cure complete..
14:32:08:836 5740 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
14:32:08:839 5740 UtilityBootReinit: KLMD drop success
14:32:08:840 5740 KLMD_ApplyPendList: Pending buffer(645E_9C5, 616) dropped successfully
14:32:08:840 5740 UtilityBootReinit: Cure on reboot scheduled successfully
14:32:08:840 5740
14:32:08:841 5740 Completed
14:32:08:841 5740
14:32:08:841 5740 Results:
14:32:08:841 5740 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
14:32:08:842 5740 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:32:08:842 5740 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:32:08:842 5740
14:32:08:843 5740 UnloadDriverW: NtUnloadDriver error 1
14:32:08:843 5740 KLMD_Unload: UnloadDriverW(klmd21) error 1
14:32:08:843 5740 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
14:32:08:844 5740 UtilityDeinit: KLMD(ARK) unloaded successfully


#7 Buckeye_Sam

Posted 21 February 2010 - 09:35 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


Let me know how your computer is behaving now.



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 earnest5

Posted 21 February 2010 - 02:34 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3741
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/21/2010 2:23:25 PM
mbam-log-2010-02-21 (14-23-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 361937
Time elapsed: 2 hour(s), 41 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\winscent.exe (Trojan.FakeAlert) -> No action taken.


Malwarebytes' Anti-Malware stopped working after it asked me to reboot. I had to go to start then restart. I'm going to run it again.


#9 earnest5

Posted 21 February 2010 - 02:39 PM

This log was in Malwarebytes' Anti-Malware. The first one was saved to the desktop.

Malwarebytes' Anti-Malware 1.44
Database version: 3741
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/21/2010 2:23:38 PM
mbam-log-2010-02-21 (14-23-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 361937
Time elapsed: 2 hour(s), 41 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Shopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\winscent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


#10 earnest5

Posted 21 February 2010 - 05:18 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3741
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/21/2010 5:17:11 PM
mbam-log-2010-02-21 (17-17-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 362012
Time elapsed: 2 hour(s), 39 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 Buckeye_Sam

Posted 22 February 2010 - 08:29 AM

Looks good! How is your computer behaving now?

#12 earnest5

Posted 22 February 2010 - 02:11 PM

It is running good now. I can do a Google Search now. Thanks for your help.

#13 Buckeye_Sam

Posted 22 February 2010 - 06:33 PM

Glad I could help!

Follow these steps to remove OTL and some of the other tools we've used.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



================




Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  2. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

#14 Buckeye_Sam

Posted 19 March 2010 - 08:14 AM

Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.
