Google Redirects and Generic Host Process crash


  • This topic is locked
44 replies to this topic

#1 Pagan1n1

Posted 16 July 2010 - 04:34 AM

(My posts do not seem to be going through fully, as I keep getting a "connection was reset" error and only part of my message pastes. I'll wait for a response before trying again, thanks.)

Hi,
Over the past week I've been experiencing redirects in Google along with a "Generic Host Process" crash every time I boot up the computer (the 2 issues started simultaneously). Once the crash occurs, my sound card stops working and all Windows XP visual styles disappear and Windows goes back to looking very "Windows 98". I've posted/attached the DDS logs, but GMER has been crashing/restarting during the scan so I'm unable to post that. Malwarebytes, Spybot S&D and Avira antivirus have been unable to find anything. Thanks for any help!


Removed 1 post containing only redundant content, merged 2 posts removing redundant content. ~ OB

Edited by Orange Blossom, 18 July 2010 - 03:39 PM.




#2 etavares

  • Malware Response Team

Posted 22 July 2010 - 05:51 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Pagan1n1

Posted 23 July 2010 - 02:29 AM

Hi etavares,
Great to hear from you. I'll have both logs up for you tomorrow, just wanted to reply to make sure you know I still need the help. Thanks!


#4 etavares

Posted 23 July 2010 - 06:43 PM

OK, thanks! I'll keep an eye out.




#5 Pagan1n1

Posted 23 July 2010 - 11:05 PM

Hey again,
Ok, I've attached the full OTL log. I've also attached a partial GMER log. I let GMER run in safe mode for 10 hours and it was still slowly going through files so I stopped at that point. I had "Devices" unchecked for that scan. Thanks!

Attached Files

  • Attached File  GMER.log   3.21KB   5 downloads
  • Attached File  OTL.Txt   182.2KB   7 downloads


#6 etavares

Posted 24 July 2010 - 06:21 AM

OK, I can't open your OTL log...my virus scanner is detecting a trojan. Can you please copy and paste the OTL log in your reply? It's better anyway, it has code tags that make it difficult to read if it's attached.




#7 Pagan1n1

Posted 24 July 2010 - 10:49 AM

Just tried to post the log, but after I click to post it I get a "Connection was reset" error and only part of the log I pasted shows up in the post. Let me try posting it from another computer and see if that makes a difference.

Edited by Pagan1n1, 24 July 2010 - 10:54 AM.


#8 etavares

Posted 24 July 2010 - 11:39 AM

OK, good idea. I'll keep an eye out for the log.




#9 etavares

Posted 29 July 2010 - 06:13 PM

Still with me?




#10 Pagan1n1

Posted 01 August 2010 - 03:38 PM

Hey again,
Sorry for the delay, been a crazy week. Thanks for sticking around. Logs are coming later tonight!

#11 etavares

Posted 01 August 2010 - 03:49 PM

OK, I'll keep an eye out. Thanks for letting me know!




#12 Pagan1n1

Posted 05 August 2010 - 12:50 PM

Ok, here we go. I'm on another computer so I'm going to paste the logs and we will see how it goes. First is the DDS log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rich Skibinsky at 5:16:36.65 on Fri 07/09/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2379 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\DeltaIITray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
E:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
G:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Burn4Free Toolbar Helper: {60bf5ee3-0105-4858-ad98-17c19f86b042} - c:\program files\burn4free toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Burn4Free Toolbar: {55faf0f2-44d4-425f-b5f5-6b275b621eab} - c:\program files\burn4free toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261800721500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richsk~1\applic~1\mozilla\firefox\profiles\i3met8sz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-4-19 16384]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2007-10-18 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-9 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-30 11608]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2007-3-21 61960]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2007-3-16 45064]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2007-10-18 114704]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-30 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-30 60936]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2007-10-18 134672]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2007-11-2 65552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1352832]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2007-3-5 275976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-16 24652]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2007-9-2 33792]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2010-4-1 302472]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2007-9-12 88840]
S2 TinaKey;TinaKey; [x]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-26 25832]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-1-6 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

=============== Created Last 30 ================

2010-07-09 08:49:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-09 08:48:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-09 08:44:54 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-09 08:44:12 0 d-----w- c:\program files\Lavasoft
2010-07-09 08:38:42 0 d--h--w- c:\docume~1\alluse~1\applic~1\{624294E5-E0E5-4EFD-A333-C1D4E7225D06}
2010-07-09 07:25:00 205449 ----a-w- c:\documents and settings\rich skibinsky\.recently-used.xbel
2010-07-06 12:14:30 0 d-----w- c:\docume~1\richsk~1\applic~1\SUPERAntiSpyware.com
2010-07-06 12:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-06 12:14:24 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-06 11:33:31 0 d-----w- c:\program files\Trend Micro
2010-07-06 11:25:33 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 17:35:02 0 d-----w- c:\docume~1\richsk~1\applic~1\Avira
2010-06-30 17:30:24 0 d-----w- c:\windows\system32\NtmsData
2010-06-30 17:27:43 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-30 17:27:41 0 d-----w- c:\program files\Avira
2010-06-30 17:27:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-06-29 22:07:29 112 ----a-w- c:\docume~1\alluse~1\applic~1\5I3Yf8.dat
2010-06-16 07:40:39 54156 ---ha-w- c:\windows\QTFont.qfn
2010-06-16 07:40:39 1409 ----a-w- c:\windows\QTFont.for
2010-06-15 07:10:13 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
2010-06-15 06:14:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{9B069D1C-ECB9-4D1B-A782-7D5DDA2045D6}
2010-06-15 06:13:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B5F0C192-874D-49A8-88D7-8431E3714756}

==================== Find3M ====================

2010-07-09 08:50:42 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2010-07-09 08:49:38 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2010-07-09 08:49:38 185560 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2010-04-26 19:58:12 256512 ----a-w- c:\windows\PEV.exe
2008-05-26 03:12:30 604 ---ha-w- c:\program files\STLL Notifier
2004-10-01 19:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2003-09-16 05:19:48 99544 ----a-w- c:\windows\inf\virprn.exe
2003-09-16 05:19:48 18950 ----a-w- c:\windows\inf\virpntd.dll
2003-09-16 05:19:48 10240 ----a-w- c:\windows\inf\virport.dll
2003-09-16 05:19:46 90624 ----a-w- c:\windows\inf\prtproc.dll

============= FINISH: 5:17:32.54 ===============


#13 Pagan1n1

Posted 05 August 2010 - 12:54 PM

Here is the partial GMER log. OTL coming next.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 23:52:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: F:\TEMP\awrcraow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0080000A
.text C:\WINDOWS\system32\svchost.exe[624] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007E000C
.text C:\WINDOWS\system32\svchost.exe[624] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FD000A
.text C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[972] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B0000A
.text C:\WINDOWS\Explorer.EXE[972] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths@Directory C:\Documents and Settings\Rich Skibinsky\Local Settings\Temporary Internet Files\Content.IE5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1@CachePath C:\Documents and Settings\Rich Skibinsky\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2@CachePath C:\Documents and Settings\Rich Skibinsky\Local Settings\Temporary Internet Files\Content.IE5\Cache2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3@CachePath C:\Documents and Settings\Rich Skibinsky\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4@CachePath C:\Documents and Settings\Rich Skibinsky\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57939192-2B5A-41E6-EE50-7161B79174C3}


#14 Pagan1n1

Posted 05 August 2010 - 12:56 PM

OTL logfile created on: 7/23/2010 3:06:19 AM - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = G:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 0.79 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive D: | 123.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 249.26 Gb Total Space | 50.69 Gb Free Space | 20.34% Space Free | Partition Type: NTFS
Drive F: | 298.10 Gb Total Space | 0.54 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
Drive G: | 298.07 Gb Total Space | 24.01 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUPERCOMPUTER
Current User Name: Rich Skibinsky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - G:\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\b89613c1-0306-4e06-bac5-adcf835864eb.com (SUPERAntiSpyware.com)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\WINDOWS\system32\DeltaIITray.exe ()
PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
PRC - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe (CA, Inc.)
PRC - E:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - E:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\WINDOWS\system32\DivXCodecUpdateChecker.exe (DivX, Inc.)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - G:\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (PPCtlPriv) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (0206981279838869mcinstcleanup) McAfee Application Installer Cleanup (0206981279838869) -- C:\WINDOWS\temp\0206981279838869mcinst.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DAUpdaterSvc) -- E:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- F:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (ufad-ws60) -- F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (DigiRefresh) -- E:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (digiSPTIService) -- E:\Program Files\Digidesign\Digidesign\Pro Tools\digiSPTIService.exe (Digidesign, A Division of Avid Technology, Inc.)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (ADVService) -- E:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (lxcg_device) -- C:\WINDOWS\System32\lxcgcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
DRV - (ivusb) -- C:\WINDOWS\System32\DRIVERS\ivusb.sys File not found
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\System32\DRIVERS\delta.sys File not found
DRV - (catchme) -- F:\TEMP\catchme.sys File not found
DRV - (SysProtDrv.sys) -- C:\Documents and Settings\Rich Skibinsky\Desktop\SysProtDrv.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TPkd) -- C:\WINDOWS\System32\drivers\tpkd.sys (PACE Anti-Piracy, Inc.)
DRV - (DELTAII) Service for M-Audio Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMparport) -- C:\WINDOWS\system32\drivers\vmparport.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vstor2-ws60) -- F:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (KmxSbx) -- C:\WINDOWS\system32\drivers\KmxSbx.sys (CA)
DRV - (KmxFw) -- C:\WINDOWS\system32\drivers\KmxFw.sys (CA)
DRV - (KmxCF) -- C:\WINDOWS\system32\drivers\KmxCF.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\system32\drivers\KmxCfg.sys (CA)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Fusion(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (KmxAgent) -- C:\WINDOWS\system32\drivers\KmxAgent.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\system32\drivers\KmxFile.sys (CA)
DRV - (DigiFilter) -- C:\WINDOWS\system32\drivers\DigiFilt.sys (Digidesign, A Division of Avid Technology, Inc.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (FileDisk) -- C:\WINDOWS\System32\drivers\filedisk.sys (Bo Brantén)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-861567501-839522115-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-861567501-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-861567501-839522115-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.21.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: okim@okcupid.com:1.2.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: texpertension@texperts.com:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/19 00:38:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 07:25:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/10/13 00:54:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins

[2009/01/29 02:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Extensions
[2010/07/22 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions
[2010/06/07 17:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010/06/07 17:41:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/07 17:41:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/11 18:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\foxyproxy@eric.h.jung
[2010/06/07 17:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\okim@okcupid.com
[2010/06/07 17:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\extensions\texpertension@texperts.com
[2009/10/13 00:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Sunbird\Profiles\3mcw6loa.default\extensions
[2008/12/12 14:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Application Data\Mozilla\Firefox\Profiles\i3met8sz.default\searchplugins\MySpace.xml
[2010/07/23 02:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 00:58:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/12 00:58:24 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/13 15:07:46 | 006,276,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll

O1 HOSTS File: ([2010/07/03 17:32:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Burn4Free Toolbar Helper) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100719003802.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-861567501-839522115-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-861567501-839522115-682003330-1003\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-861567501-839522115-682003330-1003..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-839522115-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-839522115-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-839522115-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-839522115-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - F:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - F:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1261800721500 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O20 - Winlogon\Notify\stp68_2007: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/10 14:28:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 15:40:07 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk - E:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe - (Amazon.com)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Rich Skibinsky^Start Menu^Programs^Startup^.protected - C:\Documents and Settings\Rich Skibinsky\Start Menu\Programs\Startup\.pro - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Rich Skibinsky^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Rich Skibinsky^Start Menu^Programs^Startup^AutoClick.lnk - C:\Program Files\AutoClick\AutoClick.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Rich Skibinsky^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\Rich Skibinsky\Application Data\Dropbox\bin\Dropbox.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Rich Skibinsky^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeUpdater6 - hkey= - key= - C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AIM - hkey= - key= - C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: cafwc - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
MsConfig - StartUpReg: capfasem - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
MsConfig - StartUpReg: capfupgrade - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
MsConfig - StartUpReg: cctray - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
MsConfig - StartUpReg: DigidesignMMERefresh - hkey= - key= - E:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: H2O - hkey= - key= - C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
MsConfig - StartUpReg: igndlm.exe - hkey= - key= - C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
MsConfig - StartUpReg: IntelAudioStudio - hkey= - key= - C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: ivhtjjvj - hkey= - key= - C:\Documents and Settings\Rich Skibinsky\Local Settings\Application Data\tqiyxx\lrfasftav.exe File not found
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: lxcgmon.exe - hkey= - key= - C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - F:\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - E:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\b89613c1-0306-4e06-bac5-adcf835864eb.com (SUPERAntiSpyware.com)
MsConfig - StartUpReg: UserFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: vmware-tray - hkey= - key= - F:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59123355860598784)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/22 18:47:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/19 00:38:02 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/07/19 00:38:00 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/07/19 00:38:00 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/07/19 00:38:00 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/07/19 00:38:00 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/07/19 00:38:00 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/07/19 00:38:00 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/07/19 00:38:00 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/07/19 00:38:00 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/07/19 00:38:00 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/07/19 00:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/07/19 00:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/07/19 00:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/19 00:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/15 13:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/15 13:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/15 02:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/12 00:58:33 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/12 00:58:33 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/12 00:58:33 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/12 00:58:33 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/12 00:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/10 15:02:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/10 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/07/10 14:31:02 | 000,000,000 | ---D | C] -- C:\Sun
[2010/07/10 14:26:39 | 000,000,000 | ---D | C] -- C:\Mozilla
[2010/07/10 14:26:03 | 000,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2010/07/09 04:49:15 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/09 04:48:58 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/09 04:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Local Settings\Application Data\Sunbelt Software
[2010/07/09 04:44:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/09 04:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/07/09 04:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/09 04:38:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{624294E5-E0E5-4EFD-A333-C1D4E7225D06}
[2010/07/09 04:02:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/06 08:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Application Data\SUPERAntiSpyware.com
[2010/07/06 08:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/06 08:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/06 07:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/06 07:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/06 07:25:33 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/03 17:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/07/02 09:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2010/06/30 16:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/06/30 13:35:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Avira
[2010/06/30 13:30:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/30 13:27:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/30 13:27:43 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/30 13:27:43 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/30 13:27:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/30 13:27:42 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/30 13:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/29 18:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\MySpace
[2010/06/27 01:07:02 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Rich Skibinsky\Desktop\GooredFix.exe
[2010/06/26 08:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/26 08:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/26 07:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/25 18:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/25 18:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/15 03:10:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2010/06/15 02:14:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{9B069D1C-ECB9-4D1B-A782-7D5DDA2045D6}
[2010/06/15 02:13:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/06/13 01:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Desktop\New Folder (4)
[2010/06/03 01:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Desktop\Desktop Photos and Audio
[2010/05/27 15:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\My Documents\My ooVoo
[2010/05/16 23:27:02 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2010/05/16 23:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Video DVD Maker FREE
[2010/05/16 23:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Video DVD Maker
[2010/05/16 23:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Nero
[2010/05/16 23:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Local Settings\Application Data\Xenocode
[2010/05/04 22:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rich Skibinsky\Application Data\ooVoo Details
[2010/05/04 22:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/05/01 07:27:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2010/05/01 07:23:26 | 001,870,336 | ---- | C] (Native Instruments Software Synthesis GmbH) -- C:\WINDOWS\System32\bconvert.dll
[2005/07/25 15:31:30 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgserv.dll
[2005/07/25 15:27:22 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcglmpm.dll
[2005/07/25 15:26:58 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomm.dll
[2005/07/25 15:25:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgpplc.dll
[2005/07/25 15:24:46 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgcomc.dll
[2005/07/25 15:24:14 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgprox.dll
[2005/07/25 15:19:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcgusb1.dll
[8 C:\Documents and Settings\Rich Skibinsky\My Documents\*.tmp files -> C:\Documents and Settings\Rich Skibinsky\My Documents\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/21 11:48:20 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\exhk.sys
[2010/07/20 01:37:53 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 08:15:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 08:00:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/19 08:00:20 | 000,000,752 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/19 08:00:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/19 07:58:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 07:58:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/19 07:58:20 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/19 07:57:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 07:57:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/19 07:56:28 | 021,909,504 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\ntuser.dat
[2010/07/19 07:56:26 | 000,185,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/07/19 07:56:26 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/07/16 14:46:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rich Skibinsky\ntuser.ini
[2010/07/16 14:38:13 | 000,044,288 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\SysProtDrv.sys
[2010/07/16 06:27:27 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\mswin32.ocx
[2010/07/15 06:10:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/12 00:58:24 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/12 00:58:24 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/12 00:58:24 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/12 00:58:24 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/12 00:58:24 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/10 14:51:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/10 14:25:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/09 11:03:33 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\rkill(2).com
[2010/07/09 04:48:58 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/09 04:44:51 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/09 04:44:51 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/09 03:25:00 | 000,205,449 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\.recently-used.xbel
[2010/07/07 12:44:59 | 000,050,737 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\27188_105597049472285_100000659710972_107499_881683_n.jpg
[2010/07/06 13:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 13:28:44 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/06 08:14:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/06 07:33:31 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\HijackThis.lnk
[2010/07/03 17:32:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/02 09:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/02 02:32:25 | 000,000,091 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/06/30 13:28:07 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/30 10:47:18 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5I3Yf8.dat
[2010/06/28 18:12:12 | 002,812,460 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Letting you Go-02.mp3
[2010/06/28 06:07:45 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/27 01:28:01 | 000,143,732 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\ent-zac-efron-600x400.jpg
[2010/06/27 01:07:02 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Rich Skibinsky\Desktop\GooredFix.exe
[2010/06/26 11:10:51 | 003,720,968 | R--- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\ComboFix.exe
[2010/06/24 04:07:49 | 000,054,901 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\resume as sounds.pdf
[2010/06/24 04:00:18 | 000,054,909 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\RichSkibinsky-Resume.pdf
[2010/06/24 03:59:32 | 000,034,331 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\RichSkibinsky-CoverLetter.pdf
[2010/06/24 03:58:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\~$cv.doc
[2010/06/24 03:58:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\resume as sounds.doc
[2010/06/24 02:54:54 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\cv.doc
[2010/06/22 01:05:23 | 000,000,096 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/06/22 01:05:23 | 000,000,096 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/06/20 04:40:52 | 000,066,156 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\9297321.jpg
[2010/06/20 04:17:52 | 000,021,006 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\92973 edited.jpg
[2010/06/20 04:07:00 | 000,021,272 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\92973.jpg
[2010/06/19 23:53:09 | 000,157,579 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\3me_n.jpg
[2010/06/19 23:45:40 | 000,073,351 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\34018_405857573758_567098758_4483028_565023_n.jpg
[2010/06/19 23:44:55 | 000,058,645 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\34018_405857673758_567098758_4483038_45229_n.jpg
[2010/06/16 03:40:39 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/16 00:48:47 | 000,000,549 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\AAMS.lnk
[2010/06/15 02:14:55 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kore Player.lnk
[2010/06/15 02:13:11 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Service Center.lnk
[2010/06/13 01:14:34 | 000,701,110 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\061300005400.jpg
[2010/06/11 03:49:31 | 000,518,746 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5 Edited.jpg
[2010/06/11 03:47:33 | 000,538,466 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5 ah.jpg
[2010/06/11 03:07:32 | 000,294,213 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5.jpg
[2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/31 20:32:58 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/05/31 20:32:58 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/05/23 00:23:43 | 000,250,606 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\picture344.xcf
[2010/05/17 00:21:06 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\Rich Skibins16.doc
[2010/05/16 23:26:24 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Rich Skibinsky\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoDVDMaker FREE.lnk
[2010/05/16 23:06:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/16 20:21:01 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/04 22:18:50 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/05/01 07:27:52 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Massive.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[8 C:\Documents and Settings\Rich Skibinsky\My Documents\*.tmp files -> C:\Documents and Settings\Rich Skibinsky\My Documents\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 11:48:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\exhk.sys
[2010/07/19 00:38:34 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/07/16 14:38:13 | 000,044,288 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\SysProtDrv.sys
[2010/07/16 14:38:00 | 000,145,408 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\SysProt.exe
[2010/07/15 01:43:45 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\gmer.exe
[2010/07/10 11:23:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 11:03:33 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\rkill(2).com
[2010/07/09 10:59:48 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/07/09 04:49:17 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/09 04:44:51 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/09 04:44:51 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/09 03:25:00 | 000,205,449 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\.recently-used.xbel
[2010/07/07 12:44:59 | 000,050,737 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\27188_105597049472285_100000659710972_107499_881683_n.jpg
[2010/07/06 08:14:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/06 07:39:22 | 021,909,504 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\ntuser.dat
[2010/07/06 07:33:31 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\HijackThis.lnk
[2010/06/30 13:28:07 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/06/29 18:07:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5I3Yf8.dat
[2010/06/28 18:12:10 | 002,812,460 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Letting you Go-02.mp3
[2010/06/27 01:28:01 | 000,143,732 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\ent-zac-efron-600x400.jpg
[2010/06/26 11:10:49 | 003,720,968 | R--- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\ComboFix.exe
[2010/06/24 04:06:08 | 000,054,901 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\resume as sounds.pdf
[2010/06/24 04:00:18 | 000,054,909 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\RichSkibinsky-Resume.pdf
[2010/06/24 03:59:31 | 000,034,331 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\RichSkibinsky-CoverLetter.pdf
[2010/06/24 03:58:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\~$cv.doc
[2010/06/24 02:58:29 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\resume as sounds.doc
[2010/06/24 01:58:53 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\cv.doc
[2010/06/20 04:40:52 | 000,066,156 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\9297321.jpg
[2010/06/20 04:17:52 | 000,021,006 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\92973 edited.jpg
[2010/06/20 04:07:00 | 000,021,272 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\92973.jpg
[2010/06/19 23:53:09 | 000,157,579 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\3me_n.jpg
[2010/06/19 23:45:40 | 000,073,351 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\34018_405857573758_567098758_4483028_565023_n.jpg
[2010/06/19 23:44:55 | 000,058,645 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\34018_405857673758_567098758_4483038_45229_n.jpg
[2010/06/16 03:40:39 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/16 03:40:39 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/15 02:14:55 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kore Player.lnk
[2010/06/15 02:13:11 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Service Center.lnk
[2010/06/13 01:14:33 | 000,701,110 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\061300005400.jpg
[2010/06/11 03:47:32 | 000,538,466 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5 ah.jpg
[2010/06/11 03:32:46 | 000,518,746 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5 Edited.jpg
[2010/06/11 03:07:31 | 000,294,213 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Jennpark5.jpg
[2010/05/23 00:23:43 | 000,250,606 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\picture344.xcf
[2010/05/17 00:21:06 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\My Documents\Rich Skibins16.doc
[2010/05/16 23:26:24 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Application Data\Microsoft\Internet Explorer\Quick Launch\VideoDVDMaker FREE.lnk
[2010/05/04 22:18:50 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/05/01 07:27:52 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Massive.lnk
[2010/05/01 00:45:51 | 011,512,832 | ---- | C] () -- C:\Documents and Settings\Rich Skibinsky\Desktop\Superior Drummer.dll
[2010/03/01 02:30:55 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys
[2009/10/19 15:11:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/06 20:56:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/10/06 20:55:29 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/10/06 20:55:28 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/10/06 20:49:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2009/07/21 23:00:58 | 000,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/04/19 01:12:08 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009/03/30 22:54:49 | 000,000,124 | ---- | C] () -- C:\WINDOWS\VocALign.INI
[2009/03/09 16:13:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/12/03 00:11:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/03 00:11:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/03 00:11:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/03 00:11:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/29 11:13:12 | 000,015,040 | ---- | C] () -- C:\WINDOWS\System32\uddriver.sys
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/08/08 00:38:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007/12/26 01:39:50 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/12/18 00:46:05 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/12/18 00:45:56 | 000,000,511 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/20 00:30:18 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/10/20 00:07:21 | 000,000,491 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2007/10/10 17:37:09 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/10/10 17:37:09 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/09/25 15:11:30 | 000,000,122 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/23 13:24:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/10 14:04:11 | 000,000,005 | ---- | C] () -- C:\WINDOWS\dkopikhk.ini
[2007/08/28 14:30:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2007/08/10 06:33:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/07/18 18:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/07/05 06:35:33 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\KERNELO2.DLL
[2007/06/14 18:15:42 | 001,581,056 | ---- | C] () -- C:\WINDOWS\System32\QtCore4.dll
[2007/05/25 09:05:18 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\QtNetwork4.dll
[2007/05/25 09:04:00 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\QtGui4.dll
[2007/05/16 01:12:06 | 000,000,091 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2007/05/11 17:12:54 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 12:33:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/28 20:26:50 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\mswin32.drv
[2007/02/28 20:26:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2007/02/23 22:41:34 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/02/23 22:41:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/02/13 21:51:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/10/21 13:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/10/03 11:53:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2006/09/24 14:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 14:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 14:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2005/11/17 13:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 23:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/07/07 05:12:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2004/03/18 18:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/03/18 18:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2004/02/01 15:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 16:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/05/28 02:33:57 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/04/22 20:33:14 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/03/17 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/12/26 01:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/01/07 00:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/05/03 00:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/06/06 21:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Games
[2009/12/24 23:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\East West
[2008/11/07 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2007/08/28 14:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008/03/10 20:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/03/29 01:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Overloud
[2009/12/24 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/10/06 20:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/05/13 01:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/07/06 03:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/10/10 17:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/27 20:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/05/13 16:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toontrack
[2008/02/24 03:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2007/02/17 00:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/04/13 14:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoGen
[2010/06/15 03:10:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2010/03/04 23:42:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{235C56CA-353F-4166-9F03-DC83C5C57131}
[2010/07/09 04:38:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{624294E5-E0E5-4EFD-A333-C1D4E7225D06}
[2010/07/09 04:44:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2007/05/17 15:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
[2010/06/15 02:14:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9B069D1C-ECB9-4D1B-A782-7D5DDA2045D6}
[2009/12/13 04:22:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{9D92E4DF-0CEE-44D4-A4FE-2B4A438E1607}
[2010/06/15 02:13:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}
[2010/05/01 07:27:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2007/06/28 16:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2007/02/12 19:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Aim
[2007/08/29 22:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Applied Acoustics Systems
[2008/04/30 14:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Bioshock
[2009/01/20 18:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\BitTorrent
[2008/03/12 16:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\BitTorrent DNA
[2009/05/03 01:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Cakewalk
[2008/07/07 15:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2010/01/24 23:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Digidesign
[2009/08/28 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\DNA
[2010/06/02 16:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Dropbox
[2008/01/01 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Electronic Arts
[2010/03/02 15:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\FileZilla
[2008/05/25 21:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Free Download Manager
[2010/07/09 04:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\FrostWire
[2009/09/08 20:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\GetRightToGo
[2007/04/30 17:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\GlobalSCAPE
[2010/07/09 04:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\gtk-2.0
[2007/02/10 15:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\InterTrust
[2009/09/05 17:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\NationRed
[2007/08/31 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\NetMedia Providers
[2010/05/04 22:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\ooVoo Details
[2009/08/03 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Opera
[2010/03/19 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Orbit
[2009/12/24 23:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\PACE Anti-Piracy
[2009/10/06 20:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\pdf995
[2009/05/13 01:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Propellerhead Software
[2007/08/31 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Publish Providers
[2009/10/06 19:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Sony
[2007/05/17 15:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Stamps.com Internet Postage
[2007/09/02 23:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Steinberg
[2009/05/23 11:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Synful
[2008/12/21 02:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\SystemRequirementsLab
[2010/05/13 16:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Toontrack
[2007/12/28 05:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Turbine
[2008/05/08 19:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Ubisoft
[2010/05/16 23:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Video DVD Maker FREE
[2007/02/13 00:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Viewpoint
[2009/12/15 04:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Waves
[2007/02/28 20:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Waves Audio
[2010/01/02 20:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rich Skibinsky\Application Data\Waves Preferences
[2010/07/10 14:51:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:52 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 20:11:52 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/13 20:11:54 | 000,251,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/10 10:04:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/10 10:04:33 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/10 10:04:33 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2009/07/21 23:00:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2007/09/04 09:24:53 | 000,050,493 | ---- | M] () -- C:\02 The Baying of the Hounds.aam
[2007/09/04 09:20:59 | 000,039,657 | ---- | M] () -- C:\03 Pull Harder on the Strings of Your Martyr.aam
[2010/07/10 14:50:08 | 000,001,848 | ---- | M] () -- C:\aaw7boot.log
[2009/03/11 16:20:04 | 000,000,050 | ---- | M] () -- C:\AlchemyConfig1.txt
[2008/11/21 16:04:04 | 002,983,695 | ---- | M] () -- C:\aurmp3.mp3
[2007/02/10 14:28:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/03/23 01:10:42 | 004,059,648 | ---- | M] () -- C:\BibleCodeOracleInstall.msi
[2010/01/06 13:31:34 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/19 08:00:21 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2007/02/28 19:58:29 | 000,035,876 | ---- | M] () -- C:\caavsetupLog.txt
[2010/01/07 00:19:13 | 000,065,501 | ---- | M] () -- C:\caisslog.txt
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/07/06 07:52:53 | 000,032,724 | ---- | M] () -- C:\ComboFix.txt
[2007/02/10 14:28:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/02/10 14:28:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/12 00:52:42 | 000,010,104 | ---- | M] () -- C:\JavaRa.log
[2008/04/13 20:11:56 | 000,051,051 | -HS- | M] () -- C:\log1.txt
[2008/04/13 20:11:56 | 000,000,031 | -HS- | M] () -- C:\log2.txt
[2008/04/13 20:11:56 | 000,142,196 | -HS- | M] () -- C:\log3.txt
[2008/04/13 20:11:56 | 000,000,205 | -HS- | M] () -- C:\log5.txt
[2009/12/30 03:36:45 | 000,001,447 | ---- | M] () -- C:\lxcg.log
[2010/06/02 16:48:17 | 000,025,152 | ---- | M] () -- C:\lxcgscan.log
[2010/06/26 09:04:39 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/03/11 21:09:13 | 001,407,113 | ---- | M] () -- C:\MixDemo.mp3
[2007/02/10 14:28:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/11/28 13:10:49 | 003,691,300 | ---- | M] () -- C:\NewKelseySong.mp3
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/26 00:46:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/19 07:57:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/07/16 01:39:16 | 000,001,087 | ---- | M] () -- C:\ppc.cfg
[2007/11/27 00:03:55 | 000,002,016 | ---- | M] () -- C:\rapport.txt
[2010/07/06 07:27:10 | 000,000,457 | ---- | M] () -- C:\rkill.log
[2008/03/11 20:38:58 | 002,650,654 | ---- | M] () -- C:\RockDemo-Master.mp3
[2007/02/16 02:35:34 | 000,000,172 | ---- | M] () -- C:\sigmatel.log
[2008/11/21 00:07:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/27 22:14:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/07 16:01:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/10 14:30:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/11 13:07:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/21 02:54:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/12/21 03:15:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/12/21 03:26:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/12/22 15:03:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/12/23 00:27:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/12/23 01:42:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/12/23 04:29:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/29 14:00:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/29 14:13:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/10/30 19:22:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/05 20:42:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/05 20:46:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/11/10 21:22:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/11/10 21:27:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/11/20 13:16:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/11/21 00:07:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/27 22:14:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/07 16:01:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/10 14:30:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/11 13:07:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/21 02:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/12/21 03:15:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/12/21 03:26:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/12/22 15:03:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/12/23 00:27:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/12/23 01:42:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/12/23 04:29:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/29 14:00:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/10/29 14:13:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/10/30 19:22:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/05 20:42:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/11/05 20:46:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/11/10 21:22:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/11/10 21:27:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/11/20 13:16:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/02/10 15:08:45 | 000,000,090 | ---- | M] () -- C:\storage.log
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2010/07/03 16:39:59 | 000,002,656 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_03.07.2010_16.39.59_log.txt
[2010/07/06 06:59:58 | 000,002,656 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_06.07.2010_06.59.57_log.txt
[2010/07/16 05:40:44 | 000,002,712 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_16.07.2010_05.40.43_log.txt
[2009/07/05 05:19:42 | 000,131,205 | ---- | M] () -- C:\VETlog.dmp
[2009/07/05 05:19:42 | 000,005,730 | ---- | M] () -- C:\VETlog.txt
[2007/11/27 13:15:13 | 000,000,254 | ---- | M] () -- C:\VundoFix.txt
[2007/03/26 18:12:41 | 000,000,140 | ---- | M] () -- C:\YServer.txt
[2008/03/15 00:23:05 | 039,592,098 | ---- | M] () -- C:\[Book] Aebersold - 50 - 11 - So What - Fast Version.wav

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/14 17:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/08/17 00:53:52 | 000,073,728 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcgpp5c.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/26 00:44:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/26 00:44:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/26 00:44:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/26 00:44:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/05/11 07:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\OemDir\iaStor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/05/11 07:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys
[2006/05/11 12:32:48 | 000,486,400 | ---- | M] (Intel Corporation) MD5=F20A3B8E3E72877088DD97566FFED546 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2006/02/28 08:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2006/02/28 08:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1410 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:ORHzjClZ2HJD8SMfeoqDEV
@Alternate Data Stream - 1408 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yYkb8XkIOKxFQCGcgZ18xE2SPX
@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:yXLR70uwpfqgp4FVvOdYEtHYMU7kM
@Alternate Data Stream - 1398 bytes -> C:\Program Files\Outlook Express:SctfQtkXkn9vNF2gpx8L
@Alternate Data Stream - 1387 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:koDxJ0jEfqMmiBqOnLnTcx
@Alternate Data Stream - 1319 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:NKbjRp2un75YfSPCOfAtXxJ8t5wyTk
@Alternate Data Stream - 1309 bytes -> C:\Program Files\Common Files\System:kOSJ02PFHiGSODqMESY6LiyRUh
@Alternate Data Stream - 1293 bytes -> C:\Program Files\Common Files\Microsoft Shared:y25tnIfFlRhgfuVtiqra2VE6
@Alternate Data Stream - 1260 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8SupqNVFE1xFBeDQvfzvoARIRjHZ
@Alternate Data Stream - 1252 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JqaQI1Qk9bWDJFSjMfUt
@Alternate Data Stream - 1243 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pSOWVkA12j3HpIbXZ3D1rEL
@Alternate Data Stream - 1227 bytes -> C:\Program Files\WindowsUpdate:CpNz6cAt0eVSisG5Au8hLn
@Alternate Data Stream - 1199 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:oMNC0LMnA9zaiEVJvQm19hFL3h
@Alternate Data Stream - 1183 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:fzN4fHSE3YPKa4khLPoiygKxNVAt
@Alternate Data Stream - 1168 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:KwEmgSIjqccqNziEy3Qfze
@Alternate Data Stream - 1137 bytes -> C:\Program Files\Common Files\Microsoft Shared:JVH2Y6Jf3CnMNMnCYWD
@Alternate Data Stream - 1099 bytes -> C:\Documents and Settings\Rich Skibinsky\Local Settings\Application Data\8WSfkiVoX:rujNGOTkgH62PkNC28jLw7DKao
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 1081 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:InIfnPwsdtq5gTu34qQ9T
< End of report >


#15 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 05 August 2010 - 06:31 PM

Hello, Pagan1n1.

Are you running both McAfee and Avira AntiVir?






Ask Toolbar Warning

I see you have the Ask.Com toolbar installed. This often comes bundled with spyware, and it is recommended that you remove it.

Please see here for more information:
http://www.bleepingcomputer.com/uninstall/...sk-Toolbar.html

If you would like to remove it, please go to Add/Remove Programs and uninstall it.

I also suggest you uninstall the ooVoo toolbar as well, which has trackware functionality.






Step 1

Next, please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.



Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 3

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares

Edited by etavares, 05 August 2010 - 06:31 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




