Infected by very stubborn browser hijack/redirect


This topic is locked
28 replies to this topic

#1 Warpspeed

  • Members
  • 16 posts

Posted 19 March 2010 - 02:04 PM

I am running Zone Alarm Security Suite with Webroot Spysweeper. When I search through Firefox, using Google, the results returned are often to sites that have nothing to do with the search. Examples include bee-se.com/, vera-se.com/, searchah.net/. I have attempted to remove the malware with numerous programs such as Malwarebytes, SuperAntiSpyware, Trojan Remover, SmitfraudFix, F-Secure Blacklight, Housecall Launcher, VundoFix, and GooredFix. The redirects will not go away. It doesn't seem to matter if I conduct the search through the Google Toolbar or just click on the link. I still get the redirects to unrelated sites. Sometimes if I repeat the search enough times, the search will eventually go to the page I'm looking for.

I thank you in advance for any help and guidance in getting rid of the plague that has taken over my search engine.

Here's my log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 23:05:26.12 on Thu 03/18/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.267 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre1.6.0_01\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\ffpext\ffpsrv.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\tbctray.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Hotmail Popper\hotpop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
H:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page =
mLocal Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre1.6.0_01\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre1.6.0_01\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SpySweeper] "d:\program files\webroot\spy sweeper\SpySweeper.exe" /0
uRun: [USB Safely Remove] d:\program files\usb safely remove\USBSafelyRemove.exe /startup
mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TrueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
StartupFolder: c:\docume~1\tom~1.bla\startm~1\programs\startup\hotmai~1.lnk - d:\program files\hotmail popper\hotpop.exe
IE: {4C730913-3961-439b-83D5-F4E445520422}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\bluetooth\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - h:\program files\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom~1.bla\applic~1\mozilla\firefox\profiles\ihhivp5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\tom.black-widow\application data\mozilla\firefox\profiles\ihhivp5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\mozilla firefox\components\daacfbaae.dll
FF - component: d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\tom.black-widow\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
FF - plugin: d:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx7\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\java\jre1.6.0_01\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre1.6.0_01\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 89355182;89355182 Boot Guard Driver;c:\windows\system32\drivers\89355182.sys [2009-12-29 37392]
R0 90679352;90679352 Boot Guard Driver;c:\windows\system32\drivers\90679352.sys [2009-12-29 37392]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-30 902432]
R1 89355181;89355181;c:\windows\system32\drivers\89355181.sys [2009-12-29 128016]
R1 90679351;90679351;c:\windows\system32\drivers\90679351.sys [2009-12-29 128016]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2007-6-11 44288]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-5-23 127768]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-5-22 394952]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-30 2326920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-6-20 100728]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-30 159168]
R3 EuMusDesignVirtualAudioCableWdm_ads;Audio Recorder Platinum Digital (WDM);c:\windows\system32\drivers\vacadskd.sys [2009-1-14 40832]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-8-23 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-8-23 545088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2007-7-14 35107]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-22 25704]
S2 AVP;Kaspersky Anti-Virus 6.0;d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe [2007-1-29 200768]
S2 ebfaedcfaafbffabddc;e8898e5a6c08a1ce4b1e504b181407bd;c:\windows\ebfaedcfaafbffabddc.exe /s --> c:\windows\ebfaedcfaafbffabddc.exe [?]
S2 gupdate1ca0d905480c0ba;Google Update Service (gupdate1ca0d905480c0ba);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\program files\usb safely remove\USBSRService.exe [2009-8-11 213776]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;c:\windows\system32\drivers\aehcd.sys [2008-2-13 42512]
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;c:\windows\system32\drivers\ausbd.sys [2008-2-13 23056]
S3 AutoWhatService;AutoWhat Registry Service;m:\program files\autowhat\Autoserv.exe [2002-3-4 432128]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-26 29744]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2010-1-26 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2010-1-26 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2010-1-26 81288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-1-26 337800]
S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-1-26 1017224]
S3 usedisk;USEDisk Driver;c:\windows\system32\drivers\usedisk.sys [2009-12-1 17408]

=============== Created Last 30 ================

2010-03-19 01:21:11 0 ----a-w- c:\documents and settings\tom.black-widow\defogger_reenable
2010-03-18 10:28:07 82944 ----a-w- c:\windows\system32\MAPI.DLL
2010-03-15 14:58:49 2816 ----a-w- c:\windows\system32\tmp.reg
2010-03-15 13:15:34 98816 ----a-w- c:\windows\sed.exe
2010-03-15 13:15:34 77312 ----a-w- c:\windows\MBR.exe
2010-03-15 13:15:34 261632 ----a-w- c:\windows\PEV.exe
2010-03-15 13:15:34 161792 ----a-w- c:\windows\SWREG.exe
2010-03-11 20:37:58 0 d-----w- c:\program files\ESET
2010-03-10 11:51:40 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-22 22:04:59 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-02-22 22:04:34 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-02-22 22:04:12 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-02-22 22:03:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-02-22 22:02:58 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

==================== Find3M ====================

2010-03-19 01:20:22 246851616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-19 01:07:34 3321404 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-15 13:10:08 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-02-24 03:17:04 71128 ----a-w- c:\docume~1\tom~1.bla\applic~1\GDIPFONTCACHEV1.DAT
2010-02-10 17:56:45 17408 ----a-w- c:\windows\system32\drivers\usedisk.sys
2010-02-10 16:47:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 19:44:02 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-12-22 05:21:05 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 23:07:25.20 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-19 10:01:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TOM~1.BLA\LOCALS~1\Temp\ugtiypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF538B040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF5387930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF5392A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF538B510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF5391870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF5391AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF5394FD0]
SSDT \SystemRoot\system32\DRIVERS\vdiskbus.sys (Virtual Disk Bus Enumerator/Winternals) ZwCreateSymbolicLinkObject [0xF79880DC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF538B600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF5387F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF53936E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF5393440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF5391580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF53938B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xF5395270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF5387D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF5391350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF5391150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF5394250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF5393CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF538AC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF5394080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF538B220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF5388120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF5393140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF5391CD0]

INT 0x92 ? FEEB2DD4
INT 0x93 ? FEECADD4
INT 0xA3 ? FEEC4DD4
INT 0xA4 ? FEECB044

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs FDCDNT.SYS (Filter Device/Silence of Troubles United Company Ltd.)
AttachedDevice \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume7 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume8 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume9 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x47 0x35 0x37 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x47 0x35 0x37 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0xC3 0xA7 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0xC3 0xA7 0x5B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE5 0xC3 0xA7 0x5B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x07 0x20 0x43 0xE2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xAE 0xE4 0x5E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xAE 0xE4 0x5E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xAE 0xE4 0x5E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xAE 0xE4 0x5E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0xE4 0xD9 0xD3 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC0 0xAE 0x5D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xC9 0x33 0x94 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638c45b62
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001638c45b62@0023af2f771b 0x79 0x6F 0x0C 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x23 0x05 0x23 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD3 0xDE 0x37 0x32 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\001638c45b62 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\001638c45b62@0023af2f771b 0x79 0x6F 0x0C 0xD2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x23 0x05 0x23 0x05 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 D:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{118600C1-E06C-ABA1-A888AB723E33B02B}\{E318BB0E-605A-21B6-FB8DB7AF590D8446}\{BCA1AEF5-4FB2-0965-288B69F3AC878E97}
Reg HKLM\SOFTWARE\Classes\CLSID\{118600C1-E06C-ABA1-A888AB723E33B02B}\{E318BB0E-605A-21B6-FB8DB7AF590D8446}\{BCA1AEF5-4FB2-0965-288B69F3AC878E97}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}
Reg HKLM\SOFTWARE\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}
Reg HKLM\SOFTWARE\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}
Reg HKLM\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}
Reg HKLM\SOFTWARE\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}
Reg HKLM\SOFTWARE\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}
Reg HKLM\SOFTWARE\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7105F8B9-026E-CFD3-5D9F0001C57F1CEC}\{AACA605D-194C-A7AC-E2A3B1335A37F3B8}\{651E2FC5-8B06-4659-81C7FD9235B0E0BA}
Reg HKLM\SOFTWARE\Classes\CLSID\{7105F8B9-026E-CFD3-5D9F0001C57F1CEC}\{AACA605D-194C-A7AC-E2A3B1335A37F3B8}\{651E2FC5-8B06-4659-81C7FD9235B0E0BA}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}
Reg HKLM\SOFTWARE\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EC7A25C-208B-259B-D0F10B7D70121E6A}\{B30129B8-8481-85C6-1CF8CC8FAFB9C5A4}\{9F5D8B19-EFCA-EE59-2A819F5112EEBB2A}
Reg HKLM\SOFTWARE\Classes\CLSID\{7EC7A25C-208B-259B-D0F10B7D70121E6A}\{B30129B8-8481-85C6-1CF8CC8FAFB9C5A4}\{9F5D8B19-EFCA-EE59-2A819F5112EEBB2A}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}
Reg HKLM\SOFTWARE\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}
Reg HKLM\SOFTWARE\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}
Reg HKLM\SOFTWARE\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67}
Reg HKLM\SOFTWARE\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}
Reg HKLM\SOFTWARE\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}
Reg HKLM\SOFTWARE\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}
Reg HKLM\SOFTWARE\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F30A11F5-9049-7FE3-EAEE-41D695B97AA7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F30A11F5-9049-7FE3-EAEE-41D695B97AA7}@bbofakcekfglkgdbcgidjcdackcbhlmopaaa 0x61 0x62 0x64 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F30A11F5-9049-7FE3-EAEE-41D695B97AA7}@abofakcekfglkgdbcgpfmmifebfbdibdal 0x61 0x62 0x6D 0x67 ...

---- EOF - GMER 1.0.15 ----



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 21 March 2010 - 07:38 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs.

If for any reason you did not post a DDS log or GMER log, please refer to this page, steps #6, #7 and #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts

Posted 22 March 2010 - 07:14 AM

Thank you for your response. I am still experiencing the same problems as before; i.e., many Google searches return unknown and unrelated portals or URLs. Examples from searches this morning include: http://inetworkguide.com/, http://beermoode.com/, and http://see2findall.com/. It doesn't seem to make any difference whether I search directly from the Google Search Bar or from the Google Toolbar. Occasionally, the redirect problem seems to go away for a while. I don't know if it is because of something I've done to the PC, or if it's random. At any rate, the redirects always come back.

I've included the current DDS.txt and attached the Attach.txt (with Zone Alarm and the Internet connection turned off).

Thanks again for assistance with this very aggravating problem.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tom at 7:48:33.14 on Mon 03/22/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.270 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre1.6.0_01\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\tbctray.exe
D:\Program Files\Hotmail Popper\hotpop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page =
mLocal Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre1.6.0_01\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre1.6.0_01\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SpySweeper] "d:\program files\webroot\spy sweeper\SpySweeper.exe" /0
uRun: [USB Safely Remove] d:\program files\usb safely remove\USBSafelyRemove.exe /startup
mRun: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TrueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
StartupFolder: c:\docume~1\tom~1.bla\startm~1\programs\startup\hotmai~1.lnk - d:\program files\hotmail popper\hotpop.exe
IE: {4C730913-3961-439b-83D5-F4E445520422}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\bluetooth\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - d:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - h:\program files\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tom~1.bla\applic~1\mozilla\firefox\profiles\ihhivp5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\tom.black-widow\application data\mozilla\firefox\profiles\ihhivp5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\mozilla firefox\components\daacfbaae.dll
FF - component: d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\tom.black-widow\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll
FF - plugin: d:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx7\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\java\jre1.6.0_01\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre1.6.0_01\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 89355182;89355182 Boot Guard Driver;c:\windows\system32\drivers\89355182.sys [2009-12-29 37392]
R0 90679352;90679352 Boot Guard Driver;c:\windows\system32\drivers\90679352.sys [2009-12-29 37392]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2009-12-30 902432]
R1 89355181;89355181;c:\windows\system32\drivers\89355181.sys [2009-12-29 128016]
R1 90679351;90679351;c:\windows\system32\drivers\90679351.sys [2009-12-29 128016]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [2007-6-11 44288]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-5-23 127768]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-5-22 394952]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-12-30 2326920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2008-6-20 100728]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-12-30 159168]
R3 EuMusDesignVirtualAudioCableWdm_ads;Audio Recorder Platinum Digital (WDM);c:\windows\system32\drivers\vacadskd.sys [2009-1-14 40832]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-8-23 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-8-23 545088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [2007-7-14 35107]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-2-22 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-2-22 25704]
S2 AVP;Kaspersky Anti-Virus 6.0;d:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe [2007-1-29 200768]
S2 ebfaedcfaafbffabddc;e8898e5a6c08a1ce4b1e504b181407bd;c:\windows\ebfaedcfaafbffabddc.exe /s --> c:\windows\ebfaedcfaafbffabddc.exe [?]
S2 gupdate1ca0d905480c0ba;Google Update Service (gupdate1ca0d905480c0ba);c:\program files\google\update\GoogleUpdate.exe [2009-7-25 133104]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\program files\usb safely remove\USBSRService.exe [2009-8-11 213776]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;c:\windows\system32\drivers\aehcd.sys [2008-2-13 42512]
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;c:\windows\system32\drivers\ausbd.sys [2008-2-13 23056]
S3 AutoWhatService;AutoWhat Registry Service;m:\program files\autowhat\Autoserv.exe [2002-3-4 432128]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-7-26 29744]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2010-1-26 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2010-1-26 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2010-1-26 81288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2010-1-26 337800]
S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2010-1-26 1017224]
S3 usedisk;USEDisk Driver;c:\windows\system32\drivers\usedisk.sys [2009-12-1 17408]

=============== Created Last 30 ================

2010-03-19 19:17:18 0 d-----w- C:\HighJackThis
2010-03-19 01:21:11 0 ----a-w- c:\documents and settings\tom.black-widow\defogger_reenable
2010-03-15 14:58:49 2816 ----a-w- c:\windows\system32\tmp.reg
2010-03-15 13:15:34 98816 ----a-w- c:\windows\sed.exe
2010-03-15 13:15:34 77312 ----a-w- c:\windows\MBR.exe
2010-03-15 13:15:34 261632 ----a-w- c:\windows\PEV.exe
2010-03-15 13:15:34 161792 ----a-w- c:\windows\SWREG.exe
2010-03-11 20:37:58 0 d-----w- c:\program files\ESET
2010-03-10 11:51:40 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-22 22:04:59 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-02-22 22:04:34 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-02-22 22:04:12 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-02-22 22:03:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-02-22 22:02:58 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

==================== Find3M ====================

2010-03-22 11:46:23 247683104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-22 02:02:11 3332252 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-19 11:59:27 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-02-24 03:17:04 71128 ----a-w- c:\docume~1\tom~1.bla\applic~1\GDIPFONTCACHEV1.DAT
2010-02-10 17:56:45 17408 ----a-w- c:\windows\system32\drivers\usedisk.sys
2010-02-10 16:47:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 19:44:02 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys

============= FINISH: 7:49:19.78 ===============




#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 22 March 2010 - 07:33 PM

Hello there,

There are a few things we need to deal with here. We are going to start off with ComboFix, though. From there, we will probably need to deal with the rest in the next post.

Download and Run ComboFix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


#5 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts

Posted 23 March 2010 - 07:49 AM

Hi EB,

I ran ComboFix this morning and the results are included below.

Thank you very much for your help in cleaning this thing out.

___________________________________________________

ComboFix 10-03-22.03 - Tom 03/23/2010 7:32.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.411 [GMT -4:00]
Running from: c:\documents and settings\Tom.BLACK-WIDOW\Desktop\Cleaners\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-19 19:17 . 2010-03-19 19:19 -------- d-----w- C:\HighJackThis
2010-03-11 20:37 . 2010-03-11 20:37 -------- d-----w- c:\program files\ESET
2010-03-10 11:51 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-02-22 22:03 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-02-22 22:02 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 11:45 . 2008-05-23 16:20 247899936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-23 11:41 . 2008-05-23 16:20 3335492 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-23 02:28 . 2010-03-23 10:37 1257984 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-03-22 11:56 . 2007-05-22 15:18 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-03-19 01:12 . 2007-06-12 13:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-03-18 18:32 . 2009-12-17 18:05 117760 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-17 03:02 . 2010-03-17 10:20 1208832 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-03-17 03:02 . 2010-01-24 03:58 149776 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-16 13:04 . 2007-05-22 13:52 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\uTorrent
2010-03-15 15:09 . 2004-05-21 01:58 -------- d-----w- c:\program files\Google
2010-03-13 22:08 . 2009-07-16 00:14 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\vlc
2010-03-12 18:36 . 2007-11-27 16:08 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Azureus
2010-03-10 12:10 . 2007-12-19 13:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-09 03:41 . 2010-03-09 11:21 83456 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-03-08 04:13 . 2010-03-08 11:10 256000 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-03-05 04:29 . 2010-03-05 11:47 736256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-02-24 04:07 . 2010-02-24 11:09 480256 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-02-19 05:19 . 2010-02-19 13:20 136704 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-02-18 03:13 . 2010-02-18 11:23 700416 ----a-w- c:\windows\Internet Logs\xDB6E9.tmp
2010-02-11 01:39 . 2008-07-19 19:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-11 00:55 . 2010-02-11 01:00 613888 ----a-w- c:\windows\Internet Logs\xDB6E8.tmp
2010-02-10 17:56 . 2009-12-01 21:47 17408 ----a-w- c:\windows\system32\drivers\usedisk.sys
2010-02-10 16:49 . 2005-01-17 14:32 -------- d-----w- c:\program files\Common Files\Java
2010-02-10 16:47 . 2008-11-23 16:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-09 22:27 . 2010-02-09 22:32 75776 ----a-w- c:\windows\Internet Logs\xDB6E7.tmp
2010-02-09 21:32 . 2007-05-22 02:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-02-09 14:11 . 2010-02-09 14:17 3113472 ----a-w- c:\windows\Internet Logs\xDB6E6.tmp
2010-02-08 20:47 . 2010-02-08 20:52 3111424 ----a-w- c:\windows\Internet Logs\xDB6E4.tmp
2010-02-08 20:47 . 2010-02-08 20:51 3264000 ----a-w- c:\windows\Internet Logs\xDB6E3.tmp
2010-02-05 05:14 . 2010-02-05 13:06 118272 ----a-w- c:\windows\Internet Logs\xDB6E2.tmp
2010-02-05 01:26 . 2010-02-05 01:34 3097600 ----a-w- c:\windows\Internet Logs\xDB6E1.tmp
2010-02-05 01:26 . 2010-02-05 01:34 3290112 ----a-w- c:\windows\Internet Logs\xDB6E0.tmp
2010-02-04 02:53 . 2010-02-04 11:33 152576 ----a-w- c:\windows\Internet Logs\xDB6DF.tmp
2010-02-03 01:54 . 2010-02-03 01:59 3327488 ----a-w- c:\windows\Internet Logs\xDB6DE.tmp
2010-02-01 01:19 . 2004-01-29 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 04:27 . 2010-01-30 16:30 342016 ----a-w- c:\windows\Internet Logs\xDB6DC.tmp
2010-01-29 04:28 . 2010-01-29 04:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-01-28 02:22 . 2010-01-28 11:40 2855936 ----a-w- c:\windows\Internet Logs\xDB6DB.tmp
2010-01-26 19:44 . 2010-01-26 19:35 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-01-26 19:35 . 2010-01-26 19:35 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\PC Tools
2010-01-25 18:51 . 2010-01-25 19:03 2952192 ----a-w- c:\windows\Internet Logs\xDB6DA.tmp
2010-01-25 18:51 . 2010-01-25 19:03 28160 ----a-w- c:\windows\Internet Logs\xDB6D9.tmp
2010-01-25 16:18 . 2007-07-11 19:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-25 14:47 . 2010-01-25 14:51 2909696 ----a-w- c:\windows\Internet Logs\xDB6D8.tmp
2010-01-25 03:27 . 2010-01-25 11:10 2893312 ----a-w- c:\windows\Internet Logs\xDB6D7.tmp
2010-01-25 03:27 . 2010-01-25 11:10 134656 ----a-w- c:\windows\Internet Logs\xDB6D6.tmp
2010-01-24 18:48 . 2010-01-24 18:53 94720 ----a-w- c:\windows\Internet Logs\xDB6D4.tmp
2010-01-24 17:57 . 2010-01-24 18:14 116224 ----a-w- c:\windows\Internet Logs\xDB6D2.tmp
2010-01-24 17:57 . 2010-01-24 18:14 2876928 ----a-w- c:\windows\Internet Logs\xDB6D3.tmp
2010-01-23 22:04 . 2010-01-23 22:04 -------- d-----w- c:\program files\TurboTax
2010-01-23 17:16 . 2010-01-23 17:16 55016 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_22_23_00_58_small.dmp.zip
2010-01-23 04:04 . 2010-01-23 17:10 163328 ----a-w- c:\windows\Internet Logs\xDB6D1.tmp
2010-01-22 04:29 . 2010-01-22 12:07 92160 ----a-w- c:\windows\Internet Logs\xDB6D0.tmp
2010-01-21 03:35 . 2010-01-21 10:59 2842624 ----a-w- c:\windows\Internet Logs\xDB6CF.tmp
2010-01-20 04:29 . 2010-01-20 11:17 84480 ----a-w- c:\windows\Internet Logs\xDB6CC.tmp
2010-01-20 04:29 . 2010-01-20 11:17 2837504 ----a-w- c:\windows\Internet Logs\xDB6CD.tmp
2010-01-19 22:37 . 2010-01-19 22:41 90624 ----a-w- c:\windows\Internet Logs\xDB6CA.tmp
2010-01-19 22:37 . 2010-01-19 22:42 2836480 ----a-w- c:\windows\Internet Logs\xDB6CB.tmp
2010-01-18 05:18 . 2010-01-18 13:49 50688 ----a-w- c:\windows\Internet Logs\xDB6C9.tmp
2010-01-17 19:04 . 2010-01-18 04:17 93696 ----a-w- c:\windows\Internet Logs\xDB6C7.tmp
2010-01-17 19:04 . 2010-01-18 04:17 2830336 ----a-w- c:\windows\Internet Logs\xDB6C8.tmp
2010-01-16 21:19 . 2010-01-17 01:55 50688 ----a-w- c:\windows\Internet Logs\xDB6C5.tmp
2010-01-16 04:20 . 2010-01-16 14:59 148480 ----a-w- c:\windows\Internet Logs\xDB6C4.tmp
2010-01-15 04:57 . 2010-01-15 12:18 82432 ----a-w- c:\windows\Internet Logs\xDB6C2.tmp
2010-01-15 04:57 . 2010-01-15 12:19 2814976 ----a-w- c:\windows\Internet Logs\xDB6C3.tmp
2010-01-15 02:14 . 2010-01-15 02:19 2807296 ----a-w- c:\windows\Internet Logs\xDB6C1.tmp
2010-01-15 02:14 . 2010-01-15 02:19 87040 ----a-w- c:\windows\Internet Logs\xDB6C0.tmp
2010-01-14 03:09 . 2010-01-14 11:39 78336 ----a-w- c:\windows\Internet Logs\xDB6BE.tmp
2010-01-13 13:22 . 2010-01-13 13:28 127488 ----a-w- c:\windows\Internet Logs\xDB6BC.tmp
2010-01-13 13:22 . 2010-01-13 13:28 2778112 ----a-w- c:\windows\Internet Logs\xDB6BD.tmp
2010-01-13 04:25 . 2010-01-13 11:35 137216 ----a-w- c:\windows\Internet Logs\xDB6BA.tmp
2010-01-13 04:25 . 2010-01-13 11:35 2771456 ----a-w- c:\windows\Internet Logs\xDB6BB.tmp
2010-01-12 13:22 . 2010-01-12 13:28 68096 ----a-w- c:\windows\Internet Logs\xDB6B8.tmp
2010-01-12 13:22 . 2010-01-12 13:28 2768384 ----a-w- c:\windows\Internet Logs\xDB6B9.tmp
2010-01-11 15:06 . 2010-01-11 15:10 72704 ----a-w- c:\windows\Internet Logs\xDB6B5.tmp
2010-01-11 15:06 . 2010-01-11 15:11 2758656 ----a-w- c:\windows\Internet Logs\xDB6B6.tmp
2010-01-11 03:39 . 2010-01-11 12:05 64000 ----a-w- c:\windows\Internet Logs\xDB6B3.tmp
2010-01-11 03:39 . 2010-01-11 12:05 2755072 ----a-w- c:\windows\Internet Logs\xDB6B4.tmp
2010-01-11 01:54 . 2010-01-11 01:59 2748928 ----a-w- c:\windows\Internet Logs\xDB6B2.tmp
2010-01-11 01:54 . 2010-01-11 01:59 141312 ----a-w- c:\windows\Internet Logs\xDB6B1.tmp
2010-01-10 22:24 . 2009-02-18 15:06 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 19:37 . 2009-12-18 15:24 52224 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-10 04:58 . 2010-01-10 15:57 76800 ----a-w- c:\windows\Internet Logs\xDB6B0.tmp
2010-01-09 04:55 . 2010-01-09 15:58 52736 ----a-w- c:\windows\Internet Logs\xDB6AF.tmp
2010-01-09 04:49 . 2010-01-09 04:54 49152 ----a-w- c:\windows\Internet Logs\xDB6AE.tmp
2010-01-09 04:34 . 2010-01-09 04:38 61440 ----a-w- c:\windows\Internet Logs\xDB6AD.tmp
2010-01-09 02:42 . 2010-01-09 02:47 249856 ----a-w- c:\windows\Internet Logs\xDB6AC.tmp
2010-01-07 21:07 . 2009-01-16 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-16 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 22:05 . 2007-05-21 17:08 71128 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 13:51 . 2010-01-06 13:56 203264 ----a-w- c:\windows\Internet Logs\xDB6AB.tmp
2010-01-05 21:51 . 2007-05-21 16:29 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-05 20:05 . 2010-01-05 20:36 164352 ----a-w- c:\windows\Internet Logs\xDB6A9.tmp
2010-01-05 20:05 . 2010-01-05 20:36 2518528 ----a-w- c:\windows\Internet Logs\xDB6AA.tmp
2010-01-05 03:36 . 2010-01-05 11:46 74240 ----a-w- c:\windows\Internet Logs\xDB6A7.tmp
2010-01-04 23:13 . 2010-01-04 23:18 2504704 ----a-w- c:\windows\Internet Logs\xDB6A6.tmp
2010-01-04 23:13 . 2010-01-04 23:18 73216 ----a-w- c:\windows\Internet Logs\xDB6A5.tmp
2010-01-04 21:52 . 2010-01-04 21:58 2493440 ----a-w- c:\windows\Internet Logs\xDB6A4.tmp
2010-01-04 21:52 . 2010-01-04 21:58 189952 ----a-w- c:\windows\Internet Logs\xDB6A3.tmp
2010-01-04 18:55 . 2010-01-04 19:01 279552 ----a-w- c:\windows\Internet Logs\xDB6A2.tmp
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="d:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2008-08-25 3065344]
"USB Safely Remove"="d:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-06-19 3678208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2009-05-29 81408]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-03 919016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-18 29744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-17 290816]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Hotmail Popper.lnk - d:\program files\Hotmail Popper\hotpop.exe [2004-1-24 1777664]

c:\documents and settings\Tom.BLACK-WIDOW\Start Menu\Programs\Startup\
Hotmail Popper.lnk - d:\program files\Hotmail Popper\hotpop.exe [2004-1-24 1777664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "h:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-01-09 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Program Files\\WM Recorder 10\\WMR90.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Azureas\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 89355182;89355182 Boot Guard Driver;c:\windows\system32\drivers\89355182.sys [12/29/2009 9:06 AM 37392]
R0 90679352;90679352 Boot Guard Driver;c:\windows\system32\drivers\90679352.sys [12/29/2009 9:53 AM 37392]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/30/2009 11:43 AM 902432]
R1 89355181;89355181;c:\windows\system32\drivers\89355181.sys [12/29/2009 9:06 AM 128016]
R1 90679351;90679351;c:\windows\system32\drivers\90679351.sys [12/29/2009 9:53 AM 128016]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [6/11/2007 2:03 PM 44288]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/30/2009 11:43 AM 2326920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [6/20/2008 12:04 PM 100728]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/30/2009 11:43 AM 159168]
R3 EuMusDesignVirtualAudioCableWdm_ads;Audio Recorder Platinum Digital (WDM);c:\windows\system32\drivers\vacadskd.sys [1/14/2009 5:10 PM 40832]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [8/23/2007 10:53 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [8/23/2007 10:53 PM 545088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [7/14/2007 4:50 PM 35107]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/22/2010 6:02 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/22/2010 6:03 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/22/2010 6:04 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/22/2010 6:04 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/22/2010 6:04 PM 25704]
S2 ebfaedcfaafbffabddc;e8898e5a6c08a1ce4b1e504b181407bd;c:\windows\ebfaedcfaafbffabddc.exe /s --> c:\windows\ebfaedcfaafbffabddc.exe [?]
S2 gupdate1ca0d905480c0ba;Google Update Service (gupdate1ca0d905480c0ba);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 9:28 PM 133104]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\program files\USB Safely Remove\USBSRService.exe [8/11/2009 7:58 AM 213776]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;c:\windows\system32\drivers\aehcd.sys [2/13/2008 6:19 PM 42512]
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;c:\windows\system32\drivers\ausbd.sys [2/13/2008 6:19 PM 23056]
S3 AutoWhatService;AutoWhat Registry Service;m:\program files\AutoWhat\Autoserv.exe [3/4/2002 6:58 AM 432128]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/26/2006 7:38 PM 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [1/26/2010 3:35 PM 337800]
S3 usedisk;USEDisk Driver;c:\windows\system32\drivers\usedisk.sys [12/1/2009 5:47 PM 17408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/24/2007 9:06 AM 716272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6819fdef3b0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 01:27]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 01:27]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003Core.job
- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 00:33]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003UA.job
- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page =
mLocal Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\Mozilla Firefox\components\daacfbaae.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\DivX\Divx7\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Java\jre1.6.0_01\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre1.6.0_01\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 07:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\TOM~1.BLA\LOCALS~1\Temp\mc24.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F30A11F5-9049-7FE3-EAEE-41D695B97AA7}*]
"bbofakcekfglkgdbcgidjcdackcbhlmopaaa"=hex:61,62,64,68,68,63,63,66,62,6e,68,66,
63,67,63,62,68,6a,6e,6b,65,6b,64,6a,6e,6b,69,67,6b,6c,6e,62,6d,6c,00,77
"abofakcekfglkgdbcgpfmmifebfbdibdal"=hex:61,62,6d,67,64,6b,6c,61,6d,63,70,63,
6b,67,6d,63,69,68,6e,62,6b,63,62,63,66,64,65,6d,63,68,6d,6b,65,62,00,77

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{118600C1-E06C-ABA1-A888AB723E33B02B}\{E318BB0E-605A-21B6-FB8DB7AF590D8446}\{BCA1AEF5-4FB2-0965-288B69F3AC878E97}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7105F8B9-026E-CFD3-5D9F0001C57F1CEC}\{AACA605D-194C-A7AC-E2A3B1335A37F3B8}\{651E2FC5-8B06-4659-81C7FD9235B0E0BA}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EC7A25C-208B-259B-D0F10B7D70121E6A}\{B30129B8-8481-85C6-1CF8CC8FAFB9C5A4}\{9F5D8B19-EFCA-EE59-2A819F5112EEBB2A}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,fa,38,79,
51,02,ef,96,65,16,c4,17,6e,40,6b,17,be,ff,b6,ae,2c,8a,0a,ca,17,20,ea,8d,60,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
d:\program files\Webroot\Spy Sweeper\sis.dll

- - - - - - - > 'lsass.exe'(1292)
d:\program files\Webroot\Spy Sweeper\sis.dll

- - - - - - - > 'explorer.exe'(2500)
d:\program files\Webroot\Spy Sweeper\sis.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(1212)
d:\program files\Webroot\Spy Sweeper\sis.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\program files\Java\jre1.6.0_01\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\cryptainersrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-03-23 07:57:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 11:57
ComboFix2.txt 2010-03-15 13:27

Pre-Run: 3,791,130,624 bytes free
Post-Run: 3,820,269,568 bytes free

Current=12 Default=12 Failed=11 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 24AE62BFDB7321D734C721D4A1D91716


#6 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 23 March 2010 - 03:50 PM

Hello.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\Windows\system32\eventlog.dll
    FileLook::
    c:\windows\system32\drivers\89355181.sys
    c:\windows\system32\drivers\90679351.sys
    Driver::
    ebfaedcfaafbffabddc
    File::
    c:\windows\ebfaedcfaafbffabddc.exe
    RegNull::
    [HKEY_USERS\S-1-5-21-1482476501-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F30A11F5-9049-7FE3-EAEE-41D695B97AA7}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{118600C1-E06C-ABA1-A888AB723E33B02B}\{E318BB0E-605A-21B6-FB8DB7AF590D8446}\{BCA1AEF5-4FB2-0965-288B69F3AC878E97}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{11B5C8DC-3FEA-1682-D4F0355518481497}\{414E0745-768E-27E6-1A22BEEA50FFC306}\{0F77990A-A8C5-E83C-A2DEB9098A2A23DE}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{60778762-8BE2-5BE8-74B1F534DECE7DD7}\{033814D8-F5F0-69C3-B63A6822FA3F97AC}\{BB1878CD-9C66-F7AC-793F8981AF2E0354}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7105F8B9-026E-CFD3-5D9F0001C57F1CEC}\{AACA605D-194C-A7AC-E2A3B1335A37F3B8}\{651E2FC5-8B06-4659-81C7FD9235B0E0BA}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7D123B2E-0C5F-D919-194C2B3C78E1FEC1}\{313463E6-9B37-5C56-F570B6CAA31EBA6B}\{14D54DC1-EDC1-0F67-65A1433CC409F39D}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EC7A25C-208B-259B-D0F10B7D70121E6A}\{B30129B8-8481-85C6-1CF8CC8FAFB9C5A4}\{9F5D8B19-EFCA-EE59-2A819F5112EEBB2A}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8065E9BF-72C0-0FC1-5AFDE65F0780FDDF}\{9AEA461A-A66D-2047-6BE4E874E5E97513}\{AA471588-234B-ED0A-4D91A11ADDB01E65}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D7D745F-2DA2-E26E-67E2A61C92B5C873}\{869A1319-CB5B-72EF-32E86935B8210920}\{0F637A1B-C125-DB37-203685E7DE12B741}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A35BAB48-4D1F-6A0B-6BCC81421932BFFC}\{F9F16A92-BF70-12AC-7ED2CC2822129D24}\{512F8077-C30C-4607-36213242EA83EF67}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EDCF6AC6-CDE0-1F6D-043771A983FAB740}\{0B884C8F-0AAB-F925-A63B97C7F3A43931}\{965D33BD-6599-2D1D-7E8A152D666CAEE5}*]
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 23 March 2010 - 07:06 PM

Hello EB,

Here's the ComboFix/CFScript scan.

_______________________________________________________

ComboFix 10-03-22.03 - Tom 03/23/2010 17:22:31.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.442 [GMT -4:00]
Running from: c:\documents and settings\Tom.BLACK-WIDOW\Desktop\Cleaners\ComboFix.exe
Command switches used :: c:\documents and settings\Tom.BLACK-WIDOW\Desktop\Cleaners\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\ebfaedcfaafbffabddc.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EBFAEDCFAAFBFFABDDC
-------\Service_ebfaedcfaafbffabddc


((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 21:22 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2010-03-23 21:22 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2010-03-19 19:17 . 2010-03-19 19:19 -------- d-----w- C:\HighJackThis
2010-03-11 20:37 . 2010-03-11 20:37 -------- d-----w- c:\program files\ESET
2010-03-10 11:51 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2010-02-22 22:04 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2010-02-22 22:03 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2010-02-22 22:02 . 2009-12-04 17:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 21:38 . 2008-05-23 16:20 248166944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-23 21:31 . 2008-05-23 16:20 3339044 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-23 12:49 . 2007-05-22 15:18 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-03-23 02:28 . 2010-03-23 10:37 1257984 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-03-19 01:12 . 2007-06-12 13:24 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-03-18 18:32 . 2009-12-17 18:05 117760 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-17 03:02 . 2010-03-17 10:20 1208832 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-03-17 03:02 . 2010-01-24 03:58 149776 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-16 13:04 . 2007-05-22 13:52 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\uTorrent
2010-03-15 15:09 . 2004-05-21 01:58 -------- d-----w- c:\program files\Google
2010-03-13 22:08 . 2009-07-16 00:14 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\vlc
2010-03-12 18:36 . 2007-11-27 16:08 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Azureus
2010-03-10 12:10 . 2007-12-19 13:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-09 03:41 . 2010-03-09 11:21 83456 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-03-08 04:13 . 2010-03-08 11:10 256000 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-03-05 04:29 . 2010-03-05 11:47 736256 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-02-24 04:07 . 2010-02-24 11:09 480256 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-02-19 05:19 . 2010-02-19 13:20 136704 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-02-18 03:13 . 2010-02-18 11:23 700416 ----a-w- c:\windows\Internet Logs\xDB6E9.tmp
2010-02-11 01:39 . 2008-07-19 19:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-11 00:55 . 2010-02-11 01:00 613888 ----a-w- c:\windows\Internet Logs\xDB6E8.tmp
2010-02-10 17:56 . 2009-12-01 21:47 17408 ----a-w- c:\windows\system32\drivers\usedisk.sys
2010-02-10 16:49 . 2005-01-17 14:32 -------- d-----w- c:\program files\Common Files\Java
2010-02-10 16:47 . 2008-11-23 16:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-09 22:27 . 2010-02-09 22:32 75776 ----a-w- c:\windows\Internet Logs\xDB6E7.tmp
2010-02-09 21:32 . 2007-05-22 02:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2010-02-09 14:11 . 2010-02-09 14:17 3113472 ----a-w- c:\windows\Internet Logs\xDB6E6.tmp
2010-02-08 20:47 . 2010-02-08 20:52 3111424 ----a-w- c:\windows\Internet Logs\xDB6E4.tmp
2010-02-08 20:47 . 2010-02-08 20:51 3264000 ----a-w- c:\windows\Internet Logs\xDB6E3.tmp
2010-02-05 05:14 . 2010-02-05 13:06 118272 ----a-w- c:\windows\Internet Logs\xDB6E2.tmp
2010-02-05 01:26 . 2010-02-05 01:34 3097600 ----a-w- c:\windows\Internet Logs\xDB6E1.tmp
2010-02-05 01:26 . 2010-02-05 01:34 3290112 ----a-w- c:\windows\Internet Logs\xDB6E0.tmp
2010-02-04 02:53 . 2010-02-04 11:33 152576 ----a-w- c:\windows\Internet Logs\xDB6DF.tmp
2010-02-03 01:54 . 2010-02-03 01:59 3327488 ----a-w- c:\windows\Internet Logs\xDB6DE.tmp
2010-02-01 01:19 . 2004-01-29 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 04:27 . 2010-01-30 16:30 342016 ----a-w- c:\windows\Internet Logs\xDB6DC.tmp
2010-01-29 04:28 . 2010-01-29 04:28 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-01-28 02:22 . 2010-01-28 11:40 2855936 ----a-w- c:\windows\Internet Logs\xDB6DB.tmp
2010-01-26 19:44 . 2010-01-26 19:35 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2010-01-26 19:35 . 2010-01-26 19:35 -------- d-----w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\PC Tools
2010-01-25 18:51 . 2010-01-25 19:03 2952192 ----a-w- c:\windows\Internet Logs\xDB6DA.tmp
2010-01-25 18:51 . 2010-01-25 19:03 28160 ----a-w- c:\windows\Internet Logs\xDB6D9.tmp
2010-01-25 16:18 . 2007-07-11 19:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-01-25 14:47 . 2010-01-25 14:51 2909696 ----a-w- c:\windows\Internet Logs\xDB6D8.tmp
2010-01-25 03:27 . 2010-01-25 11:10 2893312 ----a-w- c:\windows\Internet Logs\xDB6D7.tmp
2010-01-25 03:27 . 2010-01-25 11:10 134656 ----a-w- c:\windows\Internet Logs\xDB6D6.tmp
2010-01-24 18:48 . 2010-01-24 18:53 94720 ----a-w- c:\windows\Internet Logs\xDB6D4.tmp
2010-01-24 17:57 . 2010-01-24 18:14 116224 ----a-w- c:\windows\Internet Logs\xDB6D2.tmp
2010-01-24 17:57 . 2010-01-24 18:14 2876928 ----a-w- c:\windows\Internet Logs\xDB6D3.tmp
2010-01-23 22:04 . 2010-01-23 22:04 -------- d-----w- c:\program files\TurboTax
2010-01-23 17:16 . 2010-01-23 17:16 55016 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_01_22_23_00_58_small.dmp.zip
2010-01-23 04:04 . 2010-01-23 17:10 163328 ----a-w- c:\windows\Internet Logs\xDB6D1.tmp
2010-01-22 04:29 . 2010-01-22 12:07 92160 ----a-w- c:\windows\Internet Logs\xDB6D0.tmp
2010-01-21 03:35 . 2010-01-21 10:59 2842624 ----a-w- c:\windows\Internet Logs\xDB6CF.tmp
2010-01-20 04:29 . 2010-01-20 11:17 84480 ----a-w- c:\windows\Internet Logs\xDB6CC.tmp
2010-01-20 04:29 . 2010-01-20 11:17 2837504 ----a-w- c:\windows\Internet Logs\xDB6CD.tmp
2010-01-19 22:37 . 2010-01-19 22:41 90624 ----a-w- c:\windows\Internet Logs\xDB6CA.tmp
2010-01-19 22:37 . 2010-01-19 22:42 2836480 ----a-w- c:\windows\Internet Logs\xDB6CB.tmp
2010-01-18 05:18 . 2010-01-18 13:49 50688 ----a-w- c:\windows\Internet Logs\xDB6C9.tmp
2010-01-17 19:04 . 2010-01-18 04:17 93696 ----a-w- c:\windows\Internet Logs\xDB6C7.tmp
2010-01-17 19:04 . 2010-01-18 04:17 2830336 ----a-w- c:\windows\Internet Logs\xDB6C8.tmp
2010-01-16 21:19 . 2010-01-17 01:55 50688 ----a-w- c:\windows\Internet Logs\xDB6C5.tmp
2010-01-16 04:20 . 2010-01-16 14:59 148480 ----a-w- c:\windows\Internet Logs\xDB6C4.tmp
2010-01-15 04:57 . 2010-01-15 12:18 82432 ----a-w- c:\windows\Internet Logs\xDB6C2.tmp
2010-01-15 04:57 . 2010-01-15 12:19 2814976 ----a-w- c:\windows\Internet Logs\xDB6C3.tmp
2010-01-15 02:14 . 2010-01-15 02:19 2807296 ----a-w- c:\windows\Internet Logs\xDB6C1.tmp
2010-01-15 02:14 . 2010-01-15 02:19 87040 ----a-w- c:\windows\Internet Logs\xDB6C0.tmp
2010-01-14 03:09 . 2010-01-14 11:39 78336 ----a-w- c:\windows\Internet Logs\xDB6BE.tmp
2010-01-13 13:22 . 2010-01-13 13:28 127488 ----a-w- c:\windows\Internet Logs\xDB6BC.tmp
2010-01-13 13:22 . 2010-01-13 13:28 2778112 ----a-w- c:\windows\Internet Logs\xDB6BD.tmp
2010-01-13 04:25 . 2010-01-13 11:35 137216 ----a-w- c:\windows\Internet Logs\xDB6BA.tmp
2010-01-13 04:25 . 2010-01-13 11:35 2771456 ----a-w- c:\windows\Internet Logs\xDB6BB.tmp
2010-01-12 13:22 . 2010-01-12 13:28 68096 ----a-w- c:\windows\Internet Logs\xDB6B8.tmp
2010-01-12 13:22 . 2010-01-12 13:28 2768384 ----a-w- c:\windows\Internet Logs\xDB6B9.tmp
2010-01-11 15:06 . 2010-01-11 15:10 72704 ----a-w- c:\windows\Internet Logs\xDB6B5.tmp
2010-01-11 15:06 . 2010-01-11 15:11 2758656 ----a-w- c:\windows\Internet Logs\xDB6B6.tmp
2010-01-11 03:39 . 2010-01-11 12:05 64000 ----a-w- c:\windows\Internet Logs\xDB6B3.tmp
2010-01-11 03:39 . 2010-01-11 12:05 2755072 ----a-w- c:\windows\Internet Logs\xDB6B4.tmp
2010-01-11 01:54 . 2010-01-11 01:59 2748928 ----a-w- c:\windows\Internet Logs\xDB6B2.tmp
2010-01-11 01:54 . 2010-01-11 01:59 141312 ----a-w- c:\windows\Internet Logs\xDB6B1.tmp
2010-01-10 22:24 . 2009-02-18 15:06 5115824 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-10 19:37 . 2009-12-18 15:24 52224 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-10 04:58 . 2010-01-10 15:57 76800 ----a-w- c:\windows\Internet Logs\xDB6B0.tmp
2010-01-09 04:55 . 2010-01-09 15:58 52736 ----a-w- c:\windows\Internet Logs\xDB6AF.tmp
2010-01-09 04:49 . 2010-01-09 04:54 49152 ----a-w- c:\windows\Internet Logs\xDB6AE.tmp
2010-01-09 04:34 . 2010-01-09 04:38 61440 ----a-w- c:\windows\Internet Logs\xDB6AD.tmp
2010-01-09 02:42 . 2010-01-09 02:47 249856 ----a-w- c:\windows\Internet Logs\xDB6AC.tmp
2010-01-07 21:07 . 2009-01-16 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-16 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 22:05 . 2007-05-21 17:08 71128 ----a-w- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-06 13:51 . 2010-01-06 13:56 203264 ----a-w- c:\windows\Internet Logs\xDB6AB.tmp
2010-01-05 21:51 . 2007-05-21 16:29 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-01-05 20:05 . 2010-01-05 20:36 164352 ----a-w- c:\windows\Internet Logs\xDB6A9.tmp
2010-01-05 20:05 . 2010-01-05 20:36 2518528 ----a-w- c:\windows\Internet Logs\xDB6AA.tmp
2010-01-05 03:36 . 2010-01-05 11:46 74240 ----a-w- c:\windows\Internet Logs\xDB6A7.tmp
2010-01-04 23:13 . 2010-01-04 23:18 2504704 ----a-w- c:\windows\Internet Logs\xDB6A6.tmp
2010-01-04 23:13 . 2010-01-04 23:18 73216 ----a-w- c:\windows\Internet Logs\xDB6A5.tmp
2010-01-04 21:52 . 2010-01-04 21:58 2493440 ----a-w- c:\windows\Internet Logs\xDB6A4.tmp
2010-01-04 21:52 . 2010-01-04 21:58 189952 ----a-w- c:\windows\Internet Logs\xDB6A3.tmp
2010-01-04 18:55 . 2010-01-04 19:01 279552 ----a-w- c:\windows\Internet Logs\xDB6A2.tmp
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\89355181.sys ---
Company: Kaspersky Lab
File Description: Kaspersky Unified Driver
File Version: 6.4.0.11
Product Name: Kaspersky Anti-Virus
Copyright: Copyright © Kaspersky Lab 1997-2009.
Original Filename: KL1.SYS
File size: 128016
Created time: 2009-12-29 13:06
Modified time: 2009-09-25 21:59
MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
SHA1: C763C52F8B0DBB6594F1A81246AE2C27C6F74557


--- c:\windows\system32\drivers\90679351.sys ---
Company: Kaspersky Lab
File Description: Kaspersky Unified Driver
File Version: 6.4.0.11
Product Name: Kaspersky Anti-Virus
Copyright: Copyright © Kaspersky Lab 1997-2009.
Original Filename: KL1.SYS
File size: 128016
Created time: 2009-12-29 13:53
Modified time: 2009-09-25 21:59
MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
SHA1: C763C52F8B0DBB6594F1A81246AE2C27C6F74557


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="d:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2008-08-25 3065344]
"USB Safely Remove"="d:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-06-19 3678208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2009-05-29 81408]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-03 919016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-18 29744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-17 290816]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Hotmail Popper.lnk - d:\program files\Hotmail Popper\hotpop.exe [2004-1-24 1777664]

c:\documents and settings\Tom.BLACK-WIDOW\Start Menu\Programs\Startup\
Hotmail Popper.lnk - d:\program files\Hotmail Popper\hotpop.exe [2004-1-24 1777664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "h:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-01-09 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09 413696 ----a-w- d:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\Program Files\\WM Recorder 10\\WMR90.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Azureas\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 89355182;89355182 Boot Guard Driver;c:\windows\system32\drivers\89355182.sys [12/29/2009 9:06 AM 37392]
R0 90679352;90679352 Boot Guard Driver;c:\windows\system32\drivers\90679352.sys [12/29/2009 9:53 AM 37392]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [12/30/2009 11:43 AM 902432]
R1 89355181;89355181;c:\windows\system32\drivers\89355181.sys [12/29/2009 9:06 AM 128016]
R1 90679351;90679351;c:\windows\system32\drivers\90679351.sys [12/29/2009 9:53 AM 128016]
R1 FDCDNT;FDCDNT;c:\windows\system32\drivers\FDCDNT.SYS [6/11/2007 2:03 PM 44288]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 66632]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/30/2009 11:43 AM 2326920]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [6/20/2008 12:04 PM 100728]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/30/2009 11:43 AM 159168]
R3 EuMusDesignVirtualAudioCableWdm_ads;Audio Recorder Platinum Digital (WDM);c:\windows\system32\drivers\vacadskd.sys [1/14/2009 5:10 PM 40832]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [8/23/2007 10:53 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [8/23/2007 10:53 PM 545088]
R3 vdiskbus;Virtual Disk Bus;c:\windows\system32\drivers\VDiskBus.sys [7/14/2007 4:50 PM 35107]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2/22/2010 6:02 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2/22/2010 6:03 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2/22/2010 6:04 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2/22/2010 6:04 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2/22/2010 6:04 PM 25704]
S2 gupdate1ca0d905480c0ba;Google Update Service (gupdate1ca0d905480c0ba);c:\program files\Google\Update\GoogleUpdate.exe [7/25/2009 9:28 PM 133104]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;d:\program files\USB Safely Remove\USBSRService.exe [8/11/2009 7:58 AM 213776]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;c:\windows\system32\drivers\aehcd.sys [2/13/2008 6:19 PM 42512]
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;c:\windows\system32\drivers\ausbd.sys [2/13/2008 6:19 PM 23056]
S3 AutoWhatService;AutoWhat Registry Service;m:\program files\AutoWhat\Autoserv.exe [3/4/2002 6:58 AM 432128]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/26/2006 7:38 PM 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 1:31 PM 42000]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [1/26/2010 3:35 PM 337800]
S3 usedisk;USEDisk Driver;c:\windows\system32\drivers\usedisk.sys [12/1/2009 5:47 PM 17408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/24/2007 9:06 AM 716272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6819fdef3b0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 01:27]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 01:27]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003Core.job
- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 00:33]

2009-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003UA.job
- c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-16 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page =
mLocal Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: d:\program files\Mozilla Firefox\components\daacfbaae.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\DivX\Divx7\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\Java\jre1.6.0_01\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre1.6.0_01\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-23 17:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\TOM~1.BLA\LOCALS~1\Temp\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
d:\program files\Webroot\Spy Sweeper\sis.dll

- - - - - - - > 'lsass.exe'(1292)
d:\program files\Webroot\Spy Sweeper\sis.dll

- - - - - - - > 'explorer.exe'(3716)
d:\program files\Webroot\Spy Sweeper\sis.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(1212)
d:\program files\Webroot\Spy Sweeper\sis.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\program files\Java\jre1.6.0_01\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\cryptainersrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-03-23 17:46:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 21:46
ComboFix2.txt 2010-03-23 11:57
ComboFix3.txt 2010-03-15 13:27

Pre-Run: 3,649,253,376 bytes free
Post-Run: 3,602,059,264 bytes free

Current=12 Default=12 Failed=11 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - FF8E1FE185B70C357CD51C44DBFD4E37

________________________________________________

I'll next complete the MBam process.

Many thanks!
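As an added example (not code from this thread, from ComboFix or from the helper), here is a small parser for the FileLook section of the log above: it groups the listed files by hash, which makes visible that the two numbered .sys files report identical digests and the same original filename, and it compares each file against a caller-supplied reference table. The sample text is copied from the log; the reference dictionary used in the demo is a constructed placeholder, not a vendor hash database.

```python
"""Parser for the 'Look' (FileLook) section of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of the
thread. The sample text is copied from the FileLook output posted above,
so the hashes are the ones the log reported. The reference dictionary in
the demo at the bottom is a constructed placeholder, not a vendor hash
database: fill it from a trusted source before relying on a verdict.
"""
import re
from collections import defaultdict

# Copied from the ComboFix log in the thread (the two FileLook blocks).
SAMPLE_LOOK_SECTION = r"""
--- c:\windows\system32\drivers\89355181.sys ---
Company: Kaspersky Lab
File Description: Kaspersky Unified Driver
File Version: 6.4.0.11
Product Name: Kaspersky Anti-Virus
Original Filename: KL1.SYS
File size: 128016
Created time: 2009-12-29 13:06
Modified time: 2009-09-25 21:59
MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
SHA1: C763C52F8B0DBB6594F1A81246AE2C27C6F74557


--- c:\windows\system32\drivers\90679351.sys ---
Company: Kaspersky Lab
File Description: Kaspersky Unified Driver
File Version: 6.4.0.11
Product Name: Kaspersky Anti-Virus
Original Filename: KL1.SYS
File size: 128016
Created time: 2009-12-29 13:53
Modified time: 2009-09-25 21:59
MD5: 7DD41B7AC1FBB1DBF20BB1F4E4FBE58C
SHA1: C763C52F8B0DBB6594F1A81246AE2C27C6F74557
"""

# A block starts with '--- <path> ---' and is followed by 'Field: value' lines.
HEADER = re.compile(r"^--- (.+?) ---$")


def parse_filelook(text):
    """Return {path: {field: value}} for every '--- path ---' block."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            entries[current] = {}
            continue
        if current is None or not line:
            continue
        key, sep, value = line.partition(":")
        if sep:  # ignore lines that do not have a 'Field: value' shape
            entries[current][key.strip()] = value.strip()
    return entries


def group_by_hash(entries, algo="SHA1"):
    """Map each digest to the sorted list of paths carrying it; a group with
    more than one path is the same binary present under several names."""
    groups = defaultdict(list)
    for path, fields in entries.items():
        digest = fields.get(algo, "").upper()
        if digest:
            groups[digest].append(path)
    return {h: sorted(paths) for h, paths in groups.items()}


def check_against_reference(entries, reference):
    """Compare each file's SHA1 with reference[<Original Filename>].
    Verdicts are 'match', 'MISMATCH' or 'no reference'."""
    verdicts = {}
    for path, fields in entries.items():
        name = fields.get("Original Filename", "").upper()
        sha1 = fields.get("SHA1", "").upper()
        expected = reference.get(name)
        if expected is None:
            verdicts[path] = "no reference"
        elif expected.upper() == sha1:
            verdicts[path] = "match"
        else:
            verdicts[path] = "MISMATCH"
    return verdicts


if __name__ == "__main__":
    parsed = parse_filelook(SAMPLE_LOOK_SECTION)
    for digest, paths in group_by_hash(parsed).items():
        print(f"{digest}: {len(paths)} file(s) -> {paths}")
    # Constructed placeholder reference: replace with a trusted SHA1 value.
    placeholder_ref = {"KL1.SYS": "0" * 40}
    for path, verdict in check_against_reference(parsed, placeholder_ref).items():
        print(f"{verdict:13s} {path}")
```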

#8 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:02:47 PM

Posted 23 March 2010 - 07:40 PM

Results from the MalwareBytes scan are below.
This one appears clean.

_________________________________________________________

Malwarebytes' Anti-Malware 1.44
Database version: 3907
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/23/2010 8:33:45 PM
mbam-log-2010-03-23 (20-33-45).txt

Scan type: Quick Scan
Objects scanned: 199038
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#9 Warpspeed (Topic Starter)

Posted 24 March 2010 - 08:52 AM

Hello EB,

I am still experiencing the browser redirects. Possibly less often, but they are still pervasive. Clicking on a link in a search return often (but not always) yields mostly advertising portals such as abcdfinder.com, /elooksee.com, or seekanduse.net.

Whatever is living in my computer is still there.

Thanks for your help.

#10 extremeboy (Malware Response Team)

Posted 26 March 2010 - 09:12 PM

We'll look into that.

Can you let me know if that problem is in FireFox, Internet Explorer or in both?

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


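The custom-scan script above asks OTL for three things that matter in a search-redirect case: the HOSTS file (reported as the O1 lines), the Firefox proxy and default-search prefs (the FF lines), and the MD5 of boot-critical drivers between /md5start and /md5stop, which the analyst compares against known-good values. The Python below is an added example, not OTL's code or anything posted in this thread; it performs the same three checks offline. The sample HOSTS and prefs.js contents are constructed, and the expected search host (www.google.com) and the sample addresses are assumptions.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# 1. HOSTS file. A clean XP hosts file holds only the loopback line(s) for
#    localhost; a hijacker adds entries that send search engines to its own
#    IP or blackhole security-vendor update hosts at 127.0.0.1.
LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def suspicious_hosts_entries(hosts_text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs other than the expected localhost loopback."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if ip in LOOPBACK and name.lower() in LOCAL_NAMES:
                continue
            findings.append((ip, name))
    return findings


# 2. Firefox prefs.js / user.js. OTL's "FF -" lines come from
#    user_pref("name", value); statements; parse them and test proxy/search.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(prefs_text: str) -> Dict[str, object]:
    """Minimal user_pref() parser: strings, booleans and integers."""
    prefs: Dict[str, object] = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def proxy_and_search_findings(prefs: Dict[str, object],
                              expected_search_host: str = "www.google.com") -> List[str]:
    """network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL, 5 = system.
    A manual proxy or PAC script on a home PC, or a default search URL on an
    unexpected host, is worth a second look."""
    findings = []
    ptype = prefs.get("network.proxy.type", 0)
    if ptype == 1 and prefs.get("network.proxy.http"):
        findings.append(f"manual HTTP proxy {prefs['network.proxy.http']}:"
                        f"{prefs.get('network.proxy.http_port')}")
    elif ptype == 2 and prefs.get("network.proxy.autoconfig_url"):
        findings.append(f"PAC script {prefs['network.proxy.autoconfig_url']}")
    url = str(prefs.get("browser.search.defaulturl", ""))
    host = urlparse(url).hostname or ""
    if url and host != expected_search_host:
        findings.append(f"default search URL host is {host!r}, expected {expected_search_host!r}")
    return findings


# 3. Driver hashes, the same computation OTL does for the /md5start list.
def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_of_files(paths: List[Path]) -> Dict[str, str]:
    """Name -> MD5 for every path that exists; missing files are skipped."""
    return {p.name: md5_hex(p.read_bytes()) for p in paths if p.is_file()}


# Constructed sample inputs (not the poster's files) so the checks run offline.
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
::1             localhost
10.0.0.5        www.google.com     # search engine pointed at a LAN/attacker IP
127.0.0.1       update.example     # an update host blackholed
"""

SAMPLE_PREFS = """// constructed sample
user_pref("browser.search.defaulturl", "http://www.google.com/search?q=");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.no_proxies_on", "");
"""


def run_demo() -> Dict[str, object]:
    """Run all three checks over the samples; the driver path is a placeholder."""
    return {
        "hosts": suspicious_hosts_entries(SAMPLE_HOSTS),
        "firefox": proxy_and_search_findings(parse_prefs(SAMPLE_PREFS)),
        "drivers": md5_of_files([Path("/nonexistent/atapi.sys")]),
    }


if __name__ == "__main__":
    for section, result in run_demo().items():
        print(section, result)
```

To use it on a real case, feed it the contents of C:\WINDOWS\system32\drivers\etc\hosts, the profile's prefs.js and user.js, and the driver paths from the /md5start list (from a mounted image if the machine cannot be trusted). Against the OTL output Warpspeed posts next, all three checks would come back clean: ProxyEnable = 0, network.proxy.type 0, a HOSTS file containing only the localhost line, and a default search URL on www.google.com. A clean result here is exactly why the driver hashes matter: a redirect that survives a clean HOSTS file and browser config is being done lower down, which is what the MD5 comparison is meant to expose.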
#11 Warpspeed (Topic Starter)

Posted 27 March 2010 - 04:50 PM

Hi,

The Google redirects are more numerous than ever. Internet Explorer is now doing something different. I very seldom use IE, so I'm not sure when this started. Anyway, when I conduct a search on a term using Google, I get a white page with the words Redirect Notice at the top of the page, and an instruction to click on a hyperlink directed at the (correct) website. A second option is offered which points back to the original search return. For example:
The previous page is sending you to http://www.bleepingcomputer.com/.

If you do not want to visit that page, you can return to the previous page.


This seems to happen 100% of the time.

As far as I can tell, the redirect problem doesn't appear when using Chrome. Again, I don't use it much, so, if unlike Firefox, it redirects only occasionally, I could miss it.

I have run OTL as directed, and pasted the two logs below. I did not do the Run Fix since I wasn't instructed to do it.

Once more, thanks for staying with me.

_______________________________________________________________
OTL logfile created on: 3/27/2010 1:09:04 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 311.00 Mb Available Physical Memory | 41.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0K:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 3.27 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
Drive D: | 37.76 Gb Total Space | 23.89 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
Drive E: | 127.74 Gb Total Space | 33.52 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.81 Gb Total Space | 4.11 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 2.42 Gb Free Space | 24.75% Space Free | Partition Type: NTFS
Drive J: | 128.01 Gb Total Space | 8.37 Gb Free Space | 6.54% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 1.73 Gb Free Space | 17.67% Space Free | Partition Type: NTFS
Drive L: | 14.65 Gb Total Space | 12.27 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive M: | 23.44 Gb Total Space | 21.50 Gb Free Space | 91.74% Space Free | Partition Type: NTFS

Computer Name: BLACK-WIDOW
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/27 13:02:29 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners\OTL.exe
PRC - [2010/02/18 19:29:09 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/10 12:47:05 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Java\jre1.6.0_01\bin\jqs.exe
PRC - [2009/12/30 11:43:31 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/05/29 15:28:08 | 000,081,408 | ---- | M] () -- C:\WINDOWS\ffpext\ffpsrv.exe
PRC - [2008/11/22 16:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/08/24 22:21:49 | 003,065,344 | ---- | M] (Webroot Software, Inc.) -- D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2008/06/18 08:07:04 | 000,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/06/17 10:06:12 | 001,777,664 | ---- | M] () -- D:\Program Files\Hotmail Popper\hotpop.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/02 21:07:54 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/02 21:07:54 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2007/12/03 15:53:58 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
PRC - [2007/01/24 18:45:10 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cryptainersrv.exe
PRC - [2002/04/17 15:51:08 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\system32\tbctray.exe


========== Modules (SafeList) ==========

MOD - [2010/03/27 13:02:29 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners\OTL.exe
MOD - [2009/05/29 15:28:08 | 000,044,032 | ---- | M] () -- C:\WINDOWS\ffpext\FFPKbd.dll
MOD - [2004/11/08 13:30:56 | 000,125,440 | ---- | M] (Webroot Software, Inc.) -- D:\Program Files\Webroot\Spy Sweeper\sis.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/10 12:47:05 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- D:\Program Files\Java\jre1.6.0_01\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/01/26 15:44:01 | 001,017,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/26 15:43:57 | 000,337,800 | ---- | M] (PC Tools) [On_Demand | Stopped] -- D:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/30 11:43:31 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/16 14:05:08 | 000,213,776 | ---- | M] () [Auto | Stopped] -- D:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2008/11/22 16:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/06/18 08:07:04 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051608-133132)
SRV - [2008/04/02 21:07:54 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/01/29 23:02:04 | 000,200,768 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -- (AVP)
SRV - [2007/01/25 13:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/01/24 18:45:10 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\System32\cryptainersrv.exe -- (ssoftservice)
SRV - [2005/09/19 15:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- D:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2002/03/04 06:58:42 | 000,432,128 | ---- | M] (Ziff Davis Media, Inc.) [On_Demand | Stopped] -- M:\Program Files\AutoWhat\Autoserv.exe -- (AutoWhatService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/24 09:37:48 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 09:37:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/24 09:37:48 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/10 13:56:45 | 000,017,408 | ---- | M] (Gili Soft INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usedisk.sys -- (usedisk)
DRV - [2010/01/26 15:44:02 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2009/12/30 11:43:34 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/12/30 11:43:25 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2009/12/30 11:43:23 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/30 11:42:50 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/12/04 13:01:00 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 13:01:00 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 13:01:00 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 13:01:00 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 13:01:00 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\90679352.sys -- (90679352)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\89355182.sys -- (89355182)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\90679351.sys -- (90679351)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\89355181.sys -- (89355181)
DRV - [2009/06/08 17:33:24 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2009/05/28 20:28:26 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FDCDNT.SYS -- (FDCDNT)
DRV - [2009/01/21 07:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/05/28 16:25:12 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/09 19:12:06 | 000,040,832 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vacadskd.sys -- (EuMusDesignVirtualAudioCableWdm_ads) Audio Recorder Platinum Digital (WDM)
DRV - [2008/04/02 21:08:00 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/12/13 18:28:36 | 000,005,504 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/12/10 15:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/12/10 15:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/08/06 20:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP)
DRV - [2007/07/19 16:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/07/13 19:05:38 | 000,100,728 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)
DRV - [2007/01/25 13:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/09/20 15:26:16 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/09/20 15:03:36 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/09/19 15:44:52 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005/09/19 15:44:46 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005/09/19 15:42:04 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/09/19 15:41:36 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/19 15:38:26 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/01/13 10:06:48 | 000,035,107 | ---- | M] (Winternals) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VDiskBus.sys -- (vdiskbus)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/08/13 15:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/03/14 13:18:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/11/14 13:19:00 | 000,042,512 | ---- | M] (Adaptec Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aehcd.sys -- (ADPTEHCD)
DRV - [2002/11/14 13:19:00 | 000,023,056 | ---- | M] (Adaptec Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ausbd.sys -- (AUSBD_FilterService)
DRV - [2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 01:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/04/17 15:51:08 | 000,545,088 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2002/04/17 15:51:08 | 000,144,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2001/12/04 09:18:06 | 000,659,905 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9b
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.1Lite
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: D:\Program Files\Java\jre1.6.0_01\lib\deploy\jqs\ff [2010/02/10 12:47:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/02/27 11:42:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:29:12 | 000,000,000 | ---D | M]

[2008/06/17 15:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Extensions
[2010/03/26 13:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions
[2010/03/18 17:24:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 17:23:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/18 17:23:41 | 000,000,000 | ---D | M] (Google Send to Phone) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{452a61a1-543d-48ef-bcc8-60391fe6c68a}
[2010/03/18 17:23:39 | 000,000,000 | ---D | M] (Google Send to Phone) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{452a61a1-543d-48ef-bcc8-60391fe6c68a}(2)
[2010/03/18 17:23:37 | 000,000,000 | ---D | M] (Clear Cache Button) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2010/03/18 17:23:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/03/18 17:23:24 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2010/03/18 17:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{81a7a680-d724-460d-aa2f-4b0d8d926fe3}
[2010/03/18 17:23:23 | 000,000,000 | ---D | M] (Modern Aluminum) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}
[2010/03/18 17:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/18 17:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2010/03/18 17:23:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/18 17:22:32 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2010/03/18 17:22:25 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/18 17:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\FasterFox_Lite@BigRedBrent
[2010/03/18 17:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\firefox1@myibay.com
[2010/03/18 17:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\optout@google.com
[2010/03/18 17:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\translator@dontfollowme.net
[2010/03/18 17:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2008/06/19 22:34:45 | 000,001,940 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\searchplugins\marketwatch.xml
[2009/03/24 21:22:02 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla\Firefox\Profiles\ihhivp5x.default\searchplugins\rapidshare-google-arama.xml

O1 HOSTS File: ([2010/03/23 17:32:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre1.6.0_01\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre1.6.0_01\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ffpsrv] c:\WINDOWS\ffpext\ffpsrv.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1482476501-412668190-682003330-1003..\Run: [SpySweeper] d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-21-1482476501-412668190-682003330-1003..\Run: [USB Safely Remove] D:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Tom\Start Menu\Programs\Startup\Hotmail Popper.lnk = D:\Program Files\Hotmail Popper\hotpop.exe ()
O4 - Startup: C:\Documents and Settings\Tom.BLACK-WIDOW\Start Menu\Programs\Startup\Hotmail Popper.lnk = D:\Program Files\Hotmail Popper\hotpop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab)
O9 - Extra Button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - Reg Error: Value error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1482476501-412668190-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - H:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/21 10:16:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/31 11:52:28 | 000,000,194 | ---- | M] () - H:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2006/07/31 11:52:28 | 000,000,194 | ---- | M] () - H:\AutoExec.bat -- [ NTFS ]
O32 - AutoRun File - [2000/08/09 11:26:38 | 000,000,079 | -HS- | M] () - H:\AUTOEXEC.DOS -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/05/21 12:29:25 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: FDCDNT.SYS - C:\WINDOWS\system32\drivers\FDCDNT.SYS (Silence of Troubles United Company Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: FileAndFolderProtector_S - Reg Error: Value error.
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: FDCDNT.SYS - C:\WINDOWS\system32\drivers\FDCDNT.SYS (Silence of Troubles United Company Ltd.)
SafeBootNet: File system - Driver Group
SafeBootNet: FileAndFolderProtector_S - Reg Error: Value error.
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - D:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3D1EB7DD-D55F-1C69-F002-0DB35E7E38BF} -
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6D4A7512-2756-66D2-918D-A80B6D0DE120} - Dynamic HTML Data Binding for Java
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {732EE399-DFCE-6E1F-D6B5-E538DF1FC53A} - Microsoft Windows Media Player 6.4
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C2B359D0-CF2E-558E-A542-C1CFAF377586} - Outlook Express
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.ptev - C:\WINDOWS\System32\ptevideo.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 10:11:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/23 17:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/03/23 17:22:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[2010/03/23 17:22:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventlog.dll
[2010/03/23 17:03:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/23 07:30:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/19 15:17:18 | 000,000,000 | ---D | C] -- C:\HighJackThis
[2010/03/18 20:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners
[2010/03/15 09:15:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 09:15:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 09:15:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/11 16:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/03/10 07:51:40 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2007/01/16 08:15:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/10/20 20:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus
[2006/01/23 12:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/12/27 13:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/01/27 19:39:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/01/27 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\*.tmp files -> C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/27 13:12:38 | 249,643,552 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/03/27 12:57:14 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003UA.job
[2010/03/27 12:54:00 | 000,002,704 | ---- | M] () -- C:\rollback.ini
[2010/03/27 12:47:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 12:41:01 | 000,001,039 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/27 12:37:32 | 000,355,093 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/27 12:35:10 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/03/27 12:35:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6819fdef3b0.job
[2010/03/27 12:35:00 | 000,001,396 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/27 12:35:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/27 12:34:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/26 22:40:46 | 003,358,604 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/03/26 22:40:32 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\ntuser.dat
[2010/03/26 22:40:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\ntuser.ini
[2010/03/26 20:57:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-412668190-682003330-1003Core.job
[2010/03/26 12:07:02 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\TurboTax 2009.lnk
[2010/03/26 12:03:15 | 000,000,115 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Very stubborn browser redirect issue.URL
[2010/03/23 22:03:18 | 000,000,084 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\cassidy420's reviews - StumbleUpon.URL
[2010/03/23 20:39:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/03/23 17:34:56 | 000,000,896 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/23 17:32:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/22 22:26:33 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\YouTube - Those Rich Old White Guys.URL
[2010/03/20 00:06:28 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Jon Stewart - Glenn Beck - Epic Parody Mediaite.URL
[2010/03/19 21:09:46 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 21:21:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\defogger_reenable
[2010/03/17 08:33:38 | 000,023,811 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\Edmund Hortin Death Notice.pdf
[2010/03/16 08:51:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\housecall.guid.cache
[2010/03/14 12:26:35 | 000,449,320 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 12:26:35 | 000,074,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 12:26:34 | 000,534,170 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/12 17:50:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/11 19:58:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\HijackThis.lnk
[2010/02/27 12:24:53 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 8.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\*.tmp files -> C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/26 12:03:15 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Very stubborn browser redirect issue.URL
[2010/03/23 22:03:18 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\cassidy420's reviews - StumbleUpon.URL
[2010/03/22 22:26:33 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\YouTube - Those Rich Old White Guys.URL
[2010/03/20 00:06:28 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Jon Stewart - Glenn Beck - Epic Parody Mediaite.URL
[2010/03/18 21:21:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\defogger_reenable
[2010/03/18 05:58:57 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cac6819fdef3b0.job
[2010/03/17 08:33:38 | 000,023,811 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\My Documents\Edmund Hortin Death Notice.pdf
[2010/03/16 08:51:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\housecall.guid.cache
[2010/03/15 09:15:34 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 09:15:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 09:15:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 09:15:34 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 09:15:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/11 19:58:09 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\HijackThis.lnk
[2010/01/04 19:24:41 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/01/04 19:24:41 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/01/04 19:24:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/01/04 19:24:41 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/10/14 20:59:53 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2008/10/14 20:59:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPEG32.DLL
[2008/10/14 20:59:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiMResNT.dll
[2008/10/10 11:29:33 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/28 21:22:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/08/05 09:15:50 | 000,001,958 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2008/05/23 12:13:41 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/02/28 20:08:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\MS Office 2007 Pro Plus & Expression Web.INI
[2008/01/18 23:05:09 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/18 23:05:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/18 23:05:09 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/01/18 23:05:08 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/19 20:38:07 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/13 22:59:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/11/13 22:59:19 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/08/07 04:52:58 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll.vir
[2007/08/07 04:52:50 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll.vir
[2007/08/07 04:52:14 | 000,443,104 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/08/07 04:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2007/06/28 19:33:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ptevideo.dll
[2007/06/26 12:33:28 | 000,000,066 | ---- | C] () -- C:\WINDOWS\MP3 WAV OGG WMA AC3 to CD Burner.INI
[2007/06/22 17:52:25 | 000,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007/06/11 14:17:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/04 16:07:55 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/05/25 17:02:38 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2007/05/23 22:26:55 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2007/05/23 22:26:55 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2007/05/23 22:26:21 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2007/05/23 22:26:21 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2007/05/23 22:26:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2007/05/23 22:26:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2007/05/23 22:26:21 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2007/05/23 22:26:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2007/05/22 14:00:46 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/22 12:37:35 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MFPD.INI
[2007/05/22 12:33:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\FASTWiz.html
[2007/05/22 12:31:32 | 000,030,428 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\FASTWiz.log
[2007/05/22 12:01:27 | 000,000,528 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2007/05/22 08:38:39 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/25 13:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/09/19 15:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/07/28 16:19:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 16:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/03/18 16:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CutList Plus
[2010/03/18 16:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileAndFolderProtector_S
[2007/03/21 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2007/04/16 13:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PicturesToExe
[2007/03/21 16:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/05/03 17:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Southwest Airlines
[2004/03/03 15:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/02/05 10:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Video32
[2005/01/20 19:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{9F2E1130-016E-4D98-BF17-AA8307E75FA2}
[2009/12/30 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/09/16 07:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
[2009/11/30 16:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2007/06/01 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CutList Plus
[2009/01/07 16:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
[2008/08/20 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/07/23 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GARMIN
[2007/11/14 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/05/23 14:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2007/05/25 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PicturesToExe
[2010/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
[2010/03/18 21:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/24 20:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2009/08/11 07:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSRService
[2007/06/01 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Video32
[2007/05/22 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2008/08/20 16:19:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{E9405398-E712-430B-B9AA-DD1F9505008B}
[2006/10/20 20:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Azureus
[2007/11/14 14:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
[2004/07/06 21:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\.BitTornado
[2005/08/15 12:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Alien Skin
[2007/05/06 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Azureus
[2007/04/26 08:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\CutList Plus
[2004/12/24 00:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\FeedReader
[2006/10/03 08:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\gtopala
[2007/01/02 09:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\IsolatedStorage
[2004/01/29 10:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Kazaa Lite
[2004/01/29 09:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Leadertech
[2004/05/20 20:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Levit & James, Inc
[2005/04/12 22:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\NASA
[2004/04/08 13:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Neo-Modus.com
[2007/03/21 16:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Nuance
[2007/04/30 16:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Opera
[2005/02/24 10:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Pictographics
[2007/02/27 15:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\System Requirements Lab
[2005/12/07 08:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\theimagingfactory
[2004/03/03 15:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\Ulead Systems
[2009/07/01 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\uTorrent
[2009/12/30 11:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Acronis
[2008/10/31 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Alien Skin
[2010/03/12 14:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Azureus
[2007/09/12 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\CutList Plus
[2009/03/10 19:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Forte
[2009/08/06 21:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\GARMIN
[2009/11/02 18:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\ImTOO Software Studio
[2009/01/30 10:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\IObit
[2007/11/14 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\iolo
[2008/05/23 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\MailFrontier
[2009/11/30 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Multi File Downloader
[2008/06/05 23:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Netscape
[2008/11/19 15:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Nik Software
[2008/02/28 21:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OfficeUpdate12
[2009/03/03 09:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OpenOffice.org
[2009/03/09 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OverDrive
[2009/12/01 16:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\PenProtect
[2007/05/23 21:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Pictographics
[2007/06/20 17:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\PicturesToExe
[2009/04/01 08:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Quicken WillMaker
[2010/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Simply Super Software
[2009/07/24 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Ulead Systems
[2008/08/20 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Uniblue
[2008/01/14 16:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\URSoft
[2009/08/11 07:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\USBSafelyRemove
[2010/03/16 09:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >
[2009/12/30 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2010/02/01 16:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2009/01/24 16:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/03/02 18:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2009/07/24 21:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2009/09/16 07:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
[2009/11/30 16:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2007/06/01 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CutList Plus
[2009/01/07 16:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation
[2008/08/20 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2007/08/14 16:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
[2009/07/23 14:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GARMIN
[2007/05/22 21:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2007/08/24 00:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gtek
[2009/01/22 14:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
[2007/11/14 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2007/05/22 14:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ipswitch
[2010/02/09 17:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
[2008/05/22 09:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
[2008/07/17 08:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/05/23 14:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/01/16 09:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/02/05 20:45:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2010/03/10 08:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2007/09/07 12:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
[2007/05/25 07:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PicturesToExe
[2010/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
[2010/01/25 12:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/02/10 12:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2009/02/10 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sunbelt
[2009/12/17 14:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/03/18 21:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/07/24 20:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2009/08/11 07:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\USBSRService
[2007/06/01 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Video32
[2007/06/25 10:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2007/05/22 10:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2008/08/20 16:19:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{E9405398-E712-430B-B9AA-DD1F9505008B}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/08/20 02:35:11 | 002,645,597 | ---- | M] (Uniblue Systems Ltd. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{E9405398-E712-430B-B9AA-DD1F9505008B}\DriverScanner_Setup.exe
[2009/11/11 14:13:48 | 000,242,976 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\INET\Common\patch\Update\QWPATCH.EXE
[2008/01/25 18:16:30 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2008/01/25 18:16:33 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2008/01/25 18:16:34 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2007/12/20 15:23:00 | 000,072,264 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe
[2010/01/10 18:24:52 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

< %APPDATA%\*. >
[2009/12/30 11:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Acronis
[2008/03/28 18:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Adobe
[2007/05/25 11:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Ahead
[2008/10/31 14:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Alien Skin
[2007/06/04 16:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Apple Computer
[2009/07/24 21:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\AVS4YOU
[2010/03/12 14:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Azureus
[2007/09/12 11:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\CutList Plus
[2008/02/16 14:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\DivX
[2010/01/21 17:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\dvdcss
[2009/03/10 19:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Forte
[2009/08/06 21:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\GARMIN
[2007/05/22 12:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Google
[2007/08/24 00:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\GTek
[2007/05/24 09:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Help
[2007/05/21 12:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Identities
[2009/11/02 18:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\ImTOO Software Studio
[2007/10/31 22:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\InstallShield
[2008/04/14 22:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Intuit
[2009/01/30 10:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\IObit
[2007/11/14 14:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\iolo
[2007/05/22 14:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Ipswitch
[2007/05/23 21:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Jasc Software Inc
[2007/06/08 11:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Lavasoft
[2007/05/21 17:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Macromedia
[2008/05/23 12:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\MailFrontier
[2009/01/16 09:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Malwarebytes
[2009/05/27 14:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Media Player Classic
[2009/12/02 21:43:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft
[2008/06/17 15:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Mozilla
[2009/11/30 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Multi File Downloader
[2008/06/05 23:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Netscape
[2008/11/19 15:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Nik Software
[2008/02/28 21:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OfficeUpdate12
[2009/03/03 09:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OpenOffice.org
[2008/07/10 10:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OpenOffice.org2
[2009/03/09 21:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\OverDrive
[2010/01/26 15:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\PC Tools
[2009/12/01 16:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\PenProtect
[2007/05/23 21:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Pictographics
[2007/06/20 17:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\PicturesToExe
[2009/04/01 08:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Quicken WillMaker
[2010/01/04 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Simply Super Software
[2007/05/22 09:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Sun
[2009/02/10 09:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Sunbelt
[2009/12/17 14:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\SUPERAntiSpyware.com
[2010/01/11 18:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\U3
[2009/07/24 20:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Ulead Systems
[2008/08/20 16:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Uniblue
[2008/01/14 16:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\URSoft
[2009/08/11 07:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\USBSafelyRemove
[2010/03/16 09:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\uTorrent
[2010/03/13 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\vlc
[2007/05/23 16:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Webroot
[2010/01/05 16:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2009/08/06 21:14:42 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\GARMIN\RMU\RmuSetup.exe
[2009/07/29 13:51:27 | 000,013,502 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{08365B6E-F1DC-458F-A47E-FD99109118CD}\ARPPRODUCTICON.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ARPPRODUCTICON.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
[2009/09/16 11:46:33 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
[2008/01/14 18:18:14 | 000,002,166 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\ARPPRODUCTICON.exe
[2008/01/14 18:18:14 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\Uninstall.exe_E08EC542BC5F4F26BBB9E426BA007A31.exe
[2008/01/14 18:18:14 | 000,002,166 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{E08EC542-BC5F-4F26-BBB9-E426BA007A31}\USBDriver.exe_E08EC542BC5F4F26BBB9E426BA007A31.exe
[2009/07/29 13:20:08 | 000,013,502 | R--- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\Microsoft\Installer\{E33350DF-0A12-4387-B6E8-128C08C0F1FF}\ARPPRODUCTICON.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\U3\temp\cleanup.exe
[2007/10/23 10:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Tom.BLACK-WIDOW\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/01/05 17:24:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/01/05 17:24:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/01/05 17:24:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/01/05 17:24:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IDECHNDR.SYS >
[2002/10/15 01:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINDOWS\system32\drivers\IdeChnDr.sys

< MD5 for: LOGEVENT.DLL >
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/05/09 06:53:40 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> d:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe:SummaryInformation
@Alternate Data Stream - 257 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C895616B
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

_______________________________________________________________


OTL Extras logfile created on: 3/27/2010 1:09:04 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Tom.BLACK-WIDOW\Desktop\Cleaners
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 311.00 Mb Available Physical Memory | 41.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0K:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 3.27 Gb Free Space | 13.39% Space Free | Partition Type: NTFS
Drive D: | 37.76 Gb Total Space | 23.89 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
Drive E: | 127.74 Gb Total Space | 33.52 Gb Free Space | 26.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7.81 Gb Total Space | 4.11 Gb Free Space | 52.59% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 2.42 Gb Free Space | 24.75% Space Free | Partition Type: NTFS
Drive J: | 128.01 Gb Total Space | 8.37 Gb Free Space | 6.54% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 1.73 Gb Free Space | 17.67% Space Free | Partition Type: NTFS
Drive L: | 14.65 Gb Total Space | 12.27 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive M: | 23.44 Gb Total Space | 21.50 Gb Free Space | 91.74% Space Free | Partition Type: NTFS

Computer Name: BLACK-WIDOW
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [compress] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Notepad] -- Reg Error: Value error.
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"D:\Program Files\Azureus\Azureus.exe" = D:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Zone Labs, LLC)
"D:\Program Files\WM Recorder 10\WMR90.exe" = D:\Program Files\WM Recorder 10\WMR90.exe:*:Enabled:Windows Media ™ Stream Recorder -- (NetFor2 and Applian Technologies Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = D:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"D:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = D:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"D:\Program Files\Azureas\Vuze\Azureus.exe" = D:\Program Files\Azureas\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{065AA582-2C24-47EA-9B1D-6104FCD4BAD0}" = Eudora
"{08365B6E-F1DC-458F-A47E-FD99109118CD}" = Kodak DIGITAL ROC Professional Plug-In 2.0.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" =
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{294B5513-9A4D-414C-ABC9-6D6656D1C32D}" = Keypict Photo Search
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CCBABCB-6427-4A55-B091-49864623C43F}" =
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{34D6EED8-7650-4E1C-BC26-F5B2DDE185C6}" = OverDrive Media Console
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier
"{5AE68DC3-F16E-457D-947A-092D614C7ABD}_is1" = Spy Sweeper
"{5BAA1731-B992-48B6-A44E-7DF111698957}_is1" = GiliSoft USB Stick Encryption 2.0.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62369F2F77534556AEF4C58152E3BDE5}" =
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{677A19B8-446D-4797-A071-977A30EAD01D}" = Winternals Administrator's Pak
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.0.7
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A254D625} PicturesToExe 5.6 Beta 12_is1" = PicturesToExe 5.6 Beta 12
"{A254D625} PicturesToExe 6.0 Beta 21_is1" = PicturesToExe 6.0 Beta 21
"{A254D625} PicturesToExe 6.0_is1" = PicturesToExe 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB18B0BA-A08F-48B8-8D0E-AA9DDDCA22EA}" =
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF32FB61-AB9C-423B-A3E0-724A167953D9}" = TurboTax 2008 wohiper
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D521C206-C457-4AE3-A0E0-072D37E2A580}" = OneTouch Software
"{D6160F37-7638-4E56-9774-F3C88F30A4A9}" =
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E08EC542-BC5F-4F26-BBB9-E426BA007A31}" = OneTouch USB Driver
"{E33350DF-0A12-4387-B6E8-128C08C0F1FF}" = Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0
"{E6B1F8A7-2EF2-47DC-B7D4-BA7E0C885D56}" =
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E6E88DF4-E0F1-4AA7-912D-74223AA6B70F}" = DriverScan
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EA6EB7D0-C920-4434-B43D-0DDD0AF8F497}" = Garmin MapSource
"{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
"3ivX" = 3ivX MPEG-4 5.0.1 Video CODEC
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AnswerWorks 5.0 English Runtime" =
"Audio Recorder Platinum_is1" = Audio Recorder Platinum 4.21
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"AZZ Cardfile" = AZZ Cardfile
"Branding" =
"CCleaner" = CCleaner
"Citi Virtual Account Numbers" = Citi Virtual Account Numbers
"Connection Manager" =
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"CuteFTP" =
"Daniusoft Media Converter Ultimate_is1" = Daniusoft Media Converter Ultimate(Build 2.5.2.0)
"DirectAnimation" =
"DirectDrawEx" =
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Magician_is1" = Driver Magician 3.27
"DXM_Runtime" =
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"File and Folder Protector_is1" = File and Folder Protector v3.4
"Focus Magic" = Focus Magic
"Fontcore" =
"Forte Agent" = Forté Agent
"FTP Voyager_is1" =
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ICW" =
"IE4Data" =
"IE5BAKEX" =
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"LTWinModem" = Lucent Win Modem
"Magic FLAC to MP3 Converter_is1" = Magic FLAC to MP3 Converter 3.71
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MultiExtractor" = MultiExtractor
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"Nero - Burning Rom!UninstallKey" =
"NeroVision!UninstallKey" =
"Net2Phone CommCenter" = Net2Phone CommCenter
"NetMeeting" =
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpress" =
"PCHealth" =
"pdfFactory Pro" = pdfFactory Pro
"PE Builder_is1" = PE Builder 3.1.10a
"PFConfig" = PFConfig 1.0.142
"Picasa 3" = Picasa 3
"PicturesToExe 5.1" = PicturesToExe 5.1
"PicturesToExe 5.1 Beta 1" = PicturesToExe 5.1 Beta 1
"PicturesToExe 5.5" = PicturesToExe 5.5
"PowerISO" = PowerISO
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"Recover My Files_is1" = Recover My Files
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SchedulingAgent" =
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"ShockwaveFlash" =
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 5.5
"sscr_is1" = Cryptainer
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Premier 2007" = TurboTax Premier 2007
"TweakGDS_is1" = TweakGDS version 1.1.3
"USB Safely Remove_is1" = USB Safely Remove 4.1
"UTTOPO" = Utah Topo Maps
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0
"WinZip" = WinZip
"WM Recorder 12.1" = WM Recorder 12.1
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.3
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2009 11:38:40 PM | Computer Name = BLACK-WIDOW | Source = Application Error | ID = 1000
Description = Faulting application quicktimeplayer.exe, version 7.62.14.0, faulting
module unknown, version 0.0.0.0, fault address 0x10001040.

Error - 11/2/2009 11:40:24 PM | Computer Name = BLACK-WIDOW | Source = Application Error | ID = 1000
Description = Faulting application quicktimeplayer.exe, version 7.62.14.0, faulting
module unknown, version 0.0.0.0, fault address 0x10001040.

Error - 11/3/2009 8:45:13 AM | Computer Name = BLACK-WIDOW | Source = Application Error | ID = 1000
Description = Faulting application quicktimeplayer.exe, version 7.62.14.0, faulting
module unknown, version 0.0.0.0, fault address 0x10001040.

Error - 3/23/2010 5:47:28 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

Error - 3/23/2010 5:47:29 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

Error - 3/23/2010 6:47:25 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

Error - 3/23/2010 6:47:26 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

Error - 3/23/2010 7:43:25 PM | Computer Name = BLACK-WIDOW | Source = Diskeeper | ID = 5
Description = Diskeeper Control Center - ERROR The Diskeeper News and Information
feature was unable to contact the Diskeeper Corporation web server. Ensure this
computer has Internet access. The Error Code is 5.

Error - 3/23/2010 7:47:25 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

Error - 3/23/2010 7:47:25 PM | Computer Name = BLACK-WIDOW | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 3/26/2010 8:00:31 PM | Computer Name = BLACK-WIDOW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/26/2010 8:01:51 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 3/26/2010 8:01:51 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/26/2010 8:01:51 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7001
Description = The TrueVector Internet Monitor service depends on the vsdatant service
which failed to start because of the following error: %%31

Error - 3/26/2010 8:01:51 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
89355181 90679351 AFD Fips intelppm IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
SCDEmu
StarOpen
Tcpip
vsdatant

Error - 3/26/2010 8:02:38 PM | Computer Name = BLACK-WIDOW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/26/2010 8:04:53 PM | Computer Name = BLACK-WIDOW | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/26/2010 8:07:14 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7000
Description = The USB Safely Remove Assistant service failed to start due to the
following error: %%193

Error - 3/26/2010 8:07:14 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7000
Description = The Bluetooth Service service failed to start due to the following
error: %%193

Error - 3/26/2010 8:07:44 PM | Computer Name = BLACK-WIDOW | Source = Service Control Manager | ID = 7034
Description = The Cryptainer service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >





#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 29 March 2010 - 07:08 PM

Hello.

Sorry for the delay. Was doing some reading about your issue. Let's try to do the following. We are going to reset your router and see if that helps.

You must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using. Or use OpenDNS.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
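
The advice above ends with checking which DNS servers the network should be using. The Python script below is an added example, not code from this thread or from any tool it mentions: it parses the text of `ipconfig /all`, collects the resolvers each adapter is using (including the unlabelled continuation lines ipconfig prints for a second server), and flags any that are not on an allowlist. The embedded `ipconfig /all` output is a constructed sample modelled on a Windows XP host whose router hands out DNS via DHCP; the ISP resolvers 192.0.2.53 and 192.0.2.54 and the unexpected 203.0.113.9 are placeholders from documentation address ranges, while 208.67.222.222 and 208.67.220.220 are OpenDNS's published resolvers.

```python
"""Compare the DNS servers a Windows host is actually using against an allowlist.

Added example for the router-reset / DNS advice above; not part of the thread.
Assumption: the allowlist is the resolvers your ISP told you to expect (placeholders
below) plus OpenDNS. On Windows the script reads the live `ipconfig /all`; elsewhere
it runs against the constructed sample so it can be exercised offline.
"""
import re
import subprocess
import sys

# Public OpenDNS resolver addresses.
OPENDNS = {"208.67.222.222", "208.67.220.220"}

# Placeholder ISP resolvers (TEST-NET-1 range); replace with what your ISP gave you.
ISP_DNS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample output. The router (192.168.1.1) is both gateway and DHCP
# server, so it decides which resolvers the PC uses; the second resolver it hands
# out, 203.0.113.9, is not on the allowlist and should be flagged.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : BLACK-WIDOW
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : hsd1.example.net
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            203.0.113.9
"""

# "Ethernet adapter Local Area Connection:" -> adapter name.
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
# "DNS Servers . . . : <ip>" (the value may be empty when no resolver is set).
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)?\s*$")
# Continuation line: indentation followed by a bare IPv4 address.
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text):
    """Return {adapter_name: [dns_server, ...]} parsed from `ipconfig /all` text."""
    servers = {}
    adapter = None
    in_dns = False          # True while we may still see continuation lines
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            servers.setdefault(adapter, [])
            in_dns = False
            continue
        m = DNS_RE.match(line)
        if m and adapter is not None:
            in_dns = True
            if m.group(1):
                servers[adapter].append(m.group(1))
            continue
        if in_dns:
            m = CONT_RE.match(line)
            if m:
                servers[adapter].append(m.group(1))
                continue
            in_dns = False   # any other line ends the DNS Servers block
    return servers


def unexpected_dns_servers(ipconfig_text, allowed):
    """Return {adapter: [server, ...]} for every configured resolver not in `allowed`."""
    rogue = {}
    for adapter, addrs in parse_dns_servers(ipconfig_text).items():
        bad = [a for a in addrs if a not in allowed]
        if bad:
            rogue[adapter] = bad
    return rogue


def main():
    if sys.platform.startswith("win"):
        text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_IPCONFIG
    rogue = unexpected_dns_servers(text, ISP_DNS | OPENDNS)
    if not rogue:
        print("All configured DNS servers are on the allowlist.")
    for adapter, addrs in rogue.items():
        print(f"{adapter}: unexpected DNS server(s): {', '.join(addrs)}")


if __name__ == "__main__":
    main()
```

Run it after the router reset and again after reconfiguring: because the gateway is also the DHCP server in this setup, the resolvers the PC reports come straight from the router, so a resolver that is on neither the ISP's list nor OpenDNS's is the first thing to question when searches keep landing on the wrong site.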

#13 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts

Posted 30 March 2010 - 08:14 AM

Hello EB,

Per your instructions, I have reset my Linksys router to its default settings and reconfigured the security settings. Right now the router seems to work fine. However, the Google redirects are as bad as before. Sometimes I can get a search link to open correctly by clicking (and closing the fake search portal) 4-5 times.

Something else is happening on the PC. The last few days it has been simply shutting down as I'm working. It happened 3 times yesterday. The machine simply went to a black screen and rebooted. I am unable to run Gmer in Normal mode. Somewhere in the middle of a scan the machine shuts off and reboots. I realize this may not have anything to do with the Google redirect problem, but I thought I'd mention it. This has not been a problem in the past.

I really appreciate your assistance in purging my computer of whatever has infected it.



#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 30 March 2010 - 03:30 PM

Hello.

Can you get some screenshots of what you're talking about, or provide some visuals that you can upload so I can see? I'm not exactly 100% sure what you're saying and what's exactly occurring right now.

Thanks.

#15 Warpspeed

Warpspeed
  • Topic Starter

  • Members
  • 16 posts

Posted 31 March 2010 - 09:09 AM

I apologize for my delayed response. I'm a bit over committed right now, but fixing the computer is high on my list of things I need to take care of. Using Google to attempt a search is really becoming a problem.

I used the PC quite heavily yesterday, i.e., I often had 2 or 3 Word documents open, my POP email program, and often 5-6 copies of Firefox with Google searches. There weren't any crashes. Of course, this doesn't mean anything, and the shutting down and rebooting may have nothing to do with the Google redirect issue.

I'll attempt to illustrate what happens when a browser redirect takes place. I've attached screenshots of the steps.

1. I insert the term "google hijack" in the Google toolbar. (Attachment 1)
2. There are over 1,500,000 returns on the term.
3. I select one from computing.net by right-clicking and selecting "open link in new tab". (Attachment 2)
4. Instead of returning results from computing.net it delivers a fake search portal, hXXp://onlythebes4you.com (Attachment 3)

Additional information:
The redirect action is seemingly arbitrary. Sometimes, if I click on a link 4 or more times it finally doesn't redirect. Sometimes if I come back to the identical redirected link it returns the correct page. For example, I just went through the steps above and instead of going to hXXp://onlythebes4you.com, the link goes properly to hXXp://computing.net (Attachment 4)

Please let me know of anything else I can do to help us get rid of whatever has taken up residence in my computer. I'm grateful for your attention and knowledge.

Attached Files


Edited by extremeboy, 01 April 2010 - 09:10 PM.
Deactivate Links

