
Computer Freezes - svchost.exe uses 100% cpu


  • This topic is locked
14 replies to this topic

#1 Underattacked09
  • Members
  • 33 posts

Posted 22 November 2010 - 11:40 AM

I believe my computer got infected with a virus after my son was playing some games at a game site. The problem is that my computer will boot and 5 to 6 minutes later it will freeze up and everything will get locked up. I am also getting a "Generic Host Process for Win32 Services" warning pop up on the screen. I also see that one of the svchost.exe processes is consuming a huge amount of CPU before the computer locks up. I am not successful in suspending the process because it only delays the computer locking up.

I have AVG as my AV program and I also used Malwarebytes to try to locate this virus. Both programs said that my computer was clean after the scan. I have also tried a system recovery point, but with no success in getting rid of this virus.

I have searched through this forum and others on the internet, but none has a definitive solution. Some have pointed to other software to search out the virus in the registry, but in the end it was not free.

If I have missed some other posts describing a similar situation to mine and there is a resolution to the problem, then please direct me to it; otherwise I would really appreciate your help.

Please find the attached DDS result.

Thanks in advance.

DDS (Ver_10-11-10.01) - NTFSx86
Run by TL at 21:43:00.00 on Sun 11/21/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2438 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [GameShadow] c:\program files\gameshadow\GameShadow.exe /q
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NPSStartup]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [msci] c:\docume~1\tl\locals~1\temp\2009919144339_mcinfo.exe /insfin
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\netgear prosafe vpn client\SafeCfg.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli gavuzeyi.dll
Hosts: 91.212.127.226 winguard2009.microsoft.com
Hosts: 91.212.127.226 winguard-2009.com
Hosts: 91.212.127.226 www.winguard-2009.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-1 521786]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 fsusbexservice;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-5 233472]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-1 119864]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-9-11 36188]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-5 36608]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2006-11-27 9312]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]

=============== Created Last 30 ================

2010-11-22 00:07:42 -------- d-----w- C:\ProcessExplorer
2010-11-21 22:26:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-11-21 04:36:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-21 04:36:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-19 02:11:44 5582383 ----a-w- C:\UVRT-v1.6.0.0-Installer.exe
2010-11-19 00:17:34 15459304 ----a-w- C:\DVDFab8050.exe
2010-11-11 06:03:53 -------- d-----w- C:\ATT U-VERSE
2010-11-08 16:14:02 -------- d-----w- C:\FLV
2010-11-08 16:10:10 -------- d-----w- c:\docume~1\tl\applic~1\AnvSoft
2010-11-03 15:14:18 -------- d-----w- c:\docume~1\tl\applic~1\Southwest Airlines
2010-11-03 15:14:12 8192 ----a-r- c:\docume~1\tl\applic~1\microsoft\installer\{84031a18-ba9a-4156-a74f-e05b52ddfce2}\Icon84031A18.exe
2010-11-03 15:14:09 -------- d-----w- c:\program files\Southwest Airlines
2010-11-03 15:12:00 6599680 ----a-w- C:\DingInstall-1.05.exe
2010-10-30 22:13:58 -------- d-----w- C:\Canon
2010-10-23 21:52:55 -------- d-----w- c:\docume~1\tl\applic~1\Unity
2010-10-23 21:51:56 -------- d-----w- c:\docume~1\tl\locals~1\applic~1\Unity
2010-10-23 21:51:52 -------- d-----w- c:\program files\Unity

==================== Find3M ====================

2010-11-07 16:51:59 87608 ----a-w- c:\docume~1\tl\applic~1\inst.exe
2010-11-07 16:51:59 47360 ----a-w- c:\docume~1\tl\applic~1\pcouffin.sys
2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38:01 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38:01 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57:57 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380013 rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A98E446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a994504]; MOV EAX, [0x8a994580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC88AB8]
3 CLASSPNP[0xBA168FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A7E1C80]
\Driver\iaStor[0x8ACA7680] -> IRP_MJ_CREATE -> 0x8A98E446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST380013AS______________________________8.12____#4&244ba08&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x8A98E292
user != kernel MBR !!!
sectors 156249998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 21:45:01.84 ===============


#2 B-boy/StyLe/
    Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 01 December 2010 - 02:24 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:



#3 Underattacked09
  • Topic Starter
  • Members
  • 33 posts

Posted 02 December 2010 - 08:24 PM

Hi,

The infection has not been resolved and I will run the log for you tonight.

Thanks,

#4 Underattacked09
  • Topic Starter
  • Members
  • 33 posts

Posted 03 December 2010 - 12:15 AM

Hi,

I have followed your instructions and re-ran the DDS scan, and here are the results. However, when I tried running the GMER program I got the blue screen of death.

'A problem has been detected and windows has been shut down to prevent damage to your computer.
BAD_POOL_HEADER.............'

I have disabled the AVG 2011 as instructed and I ran the DeFogger program before trying to run the GMER program. I tried several times and every time the program caused the computer to crash.

DDS (Ver_10-11-10.01) - NTFSx86
Run by TL at 20:45:55.17 on Thu 12/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2463 [GMT -8:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TL\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://finance.yahoo.com/
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [GameShadow] c:\program files\gameshadow\GameShadow.exe /q
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [hplampc] c:\windows\system32\hplampc.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NPSStartup]
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [msci] c:\docume~1\tl\locals~1\temp\2009919144339_mcinfo.exe /insfin
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\tl\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\netgear prosafe vpn client\SafeCfg.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli gavuzeyi.dll
Hosts: 91.212.127.226 winguard2009.microsoft.com
Hosts: 91.212.127.226 winguard-2009.com
Hosts: 91.212.127.226 www.winguard-2009.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-8-5 12872]
R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2010-2-1 521786]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 fsusbexservice;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-5 233472]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2010-2-1 119864]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-9-11 36188]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-5 36608]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\hp4200c.sys [2006-11-27 9312]
S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 12872]

=============== Created Last 30 ================

2010-11-22 00:07:42 -------- d-----w- C:\ProcessExplorer
2010-11-21 22:26:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-11-21 04:36:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-21 04:36:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-19 02:11:44 5582383 ----a-w- C:\UVRT-v1.6.0.0-Installer.exe
2010-11-19 00:17:34 15459304 ----a-w- C:\DVDFab8050.exe
2010-11-11 06:03:53 -------- d-----w- C:\ATT U-VERSE
2010-11-08 16:14:02 -------- d-----w- C:\FLV
2010-11-08 16:10:10 -------- d-----w- c:\docume~1\tl\applic~1\AnvSoft
2010-11-03 15:14:18 -------- d-----w- c:\docume~1\tl\applic~1\Southwest Airlines
2010-11-03 15:14:12 8192 ----a-r- c:\docume~1\tl\applic~1\microsoft\installer\{84031a18-ba9a-4156-a74f-e05b52ddfce2}\Icon84031A18.exe
2010-11-03 15:14:09 -------- d-----w- c:\program files\Southwest Airlines
2010-11-03 15:12:00 6599680 ----a-w- C:\DingInstall-1.05.exe

==================== Find3M ====================
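
Two lines in the log above say more than the rest of it. `LSA: Notification Packages = scecli gavuzeyi.dll` registers a second DLL that lsass.exe loads at boot and calls on password changes; on a stand-alone Windows XP workstation only scecli is there by default, so a randomly named extra entry is a persistence foothold that file-level antivirus scans easily miss. The three `Hosts:` lines point a microsoft.com-looking hostname and two winguard-2009.com names at one remote address, 91.212.127.226; a hosts entry that resolves to anything other than loopback is a redirect, not a block, and the usual reading of this pattern is that whatever 91.212.127.226 serves is meant to look vendor-hosted. The following script is an added example for this thread, not part of the posted log or of any tool named in it. It triages DDS-style lines for both indicators; the LSA baseline and the list of vendor domains are assumptions to adjust for the host being examined, and the sample input is the four lines copied from the log above.

```python
"""Triage DDS-style log lines for two indicators seen in the posted log:
an unexpected LSA Notification Package and a hosts-file hijack.

Added example for this thread; not code from the posted log or from DDS.
"""
import ipaddress
import re

# Assumption: on a stand-alone Windows XP workstation the only package Windows
# itself registers under HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# \Notification Packages is scecli. Domain controllers and later Windows
# versions add others, so adjust this baseline to the host being examined.
LSA_BASELINE = {"scecli"}

# Hostnames under these domains should never resolve via the hosts file to a
# remote address; a lookalike such as winguard2009.microsoft.com parked there
# makes a download look vendor-hosted. Assumed list; extend as needed.
VENDOR_DOMAINS = ("microsoft.com", "windowsupdate.com")

LSA_RE = re.compile(r"^LSA:\s*Notification Packages\s*=\s*(.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)", re.I)


def _is_local(ip_text):
    """True for loopback/unspecified targets, which are normal hosts-file use."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False          # not an address at all: treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def _under_vendor_domain(host):
    h = host.lower()
    return any(h == d or h.endswith("." + d) for d in VENDOR_DOMAINS)


def triage(lines):
    """Return suspicious LSA packages and hosts redirects found in `lines`."""
    lsa_unknown = []
    redirects = {}            # remote IP -> hostnames pointed at it
    spoofed = []
    for raw in lines:
        line = raw.strip()
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                name = pkg.lower()
                if name.endswith(".dll"):
                    name = name[:-4]
                if name not in LSA_BASELINE:
                    lsa_unknown.append(pkg)
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if _is_local(ip):
                continue
            redirects.setdefault(ip, []).append(host)
            if _under_vendor_domain(host):
                spoofed.append(host)
    return {
        "lsa_unknown": lsa_unknown,
        "hosts_redirects": redirects,
        "spoofed_vendor_hosts": spoofed,
    }


# Sample input: the four relevant lines copied from the posted DDS log.
SAMPLE_LOG = """\
LSA: Notification Packages = scecli gavuzeyi.dll
Hosts: 91.212.127.226 winguard2009.microsoft.com
Hosts: 91.212.127.226 winguard-2009.com
Hosts: 91.212.127.226 www.winguard-2009.com
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    for pkg in result["lsa_unknown"]:
        print(f"[!] unknown LSA notification package: {pkg}")
    for ip, hosts in result["hosts_redirects"].items():
        print(f"[!] hosts file sends {len(hosts)} name(s) to {ip}: {', '.join(hosts)}")
    for host in result["spoofed_vendor_hosts"]:
        print(f"[!] vendor-lookalike hostname hijacked: {host}")
```

Feed it a whole DDS log (`triage(open(path).read().splitlines())`) and it ignores everything except the two line types it knows. Any hosts entry that resolves to a remote address is reported, grouped by target IP, because several unrelated names sharing one remote address is the signature of a deliberate hijack rather than a stray admin entry.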

#5 syler

  • Malware Response Team
  • 8,150 posts
  • Gender: Male
  • Location: Warrington, UK

Posted 03 December 2010 - 10:52 AM

Hello Underattacked09, my name is Syler and I will be helping you to solve your malware issues.


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If any suspicious items are found, let it skip them for now
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:

  • TDSSKiller log
  • OTL.txt
  • Extra.txt

Thanks

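
TDSSKiller is Kaspersky's removal tool for the TDSS/TDL family. Its later members persist by overwriting the master boot record rather than dropping a file, which is why the cure step above ends in a reboot: the tool rewrites sector 0 and the machine has to boot from the restored code. TDSSKiller does that check internally; the script below is an added example for this thread, not the post's instructions and not TDSSKiller's code, and it does not detect TDL4 by signature. It shows the generic check behind a bootkit finding: parse a 512-byte MBR image and report whether its bootstrap code or its partition table differs from a known-good copy. The sample sectors are constructed (the "clean" boot code is a stand-in padded with NOPs, not a real Windows MBR); a real baseline would be sector 0 of the same disk from before the infection or from a fresh install of the same Windows version. One caveat for live use: an active bootkit can filter reads of its own sectors, so dump sector 0 from a rescue environment (for example with dd from a boot CD), not from inside the infected Windows.

```python
"""Parse a 512-byte MBR image and diff it against a known-good copy.

Added example for this thread; not TDSSKiller's code. It implements the
generic check behind a bootkit finding: has the bootstrap code or the
partition table in sector 0 changed since the baseline was taken?
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code the BIOS jumps into
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"    # bytes 510..511


def parse_mbr(sector):
    """Return the SHA-256 of the boot code and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) lba-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(baseline, current):
    """List what differs between a known-good MBR image and the current one."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    changes = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        changes.append("boot code modified")
    if b["partitions"] != c["partitions"]:
        changes.append("partition table modified")
    return changes


def build_mbr(boot_code, entries):
    """Constructed test data: assemble a sector from boot code and partition tuples."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed samples. The "clean" boot code is a stand-in padded with NOPs,
# not a real Windows MBR; "tampered" replaces its first bytes with an infinite
# loop to stand in for foreign bootstrap code; "extra partition" adds a hidden
# FAT32 entry to stand in for a partition-table change.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 439,
                      [(0x80, 0x07, 63, 148_000_000)])   # one bootable NTFS volume
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + CLEAN_MBR[2:BOOT_CODE_LEN],
                         [(0x80, 0x07, 63, 148_000_000)])
EXTRA_PART_MBR = build_mbr(CLEAN_MBR[:BOOT_CODE_LEN],
                           [(0x80, 0x07, 63, 148_000_000),
                            (0x00, 0x1c, 148_000_063, 4096)])

if __name__ == "__main__":
    for label, image in (("same", CLEAN_MBR), ("tampered", TAMPERED_MBR),
                         ("extra partition", EXTRA_PART_MBR)):
        print(f"{label}: {compare_mbr(CLEAN_MBR, image) or ['no change']}")
```

To use it on a real disk, read the first 512 bytes of the dumped sector-0 image for both the baseline and the current disk and pass them to `compare_mbr`. Hashing only the 446-byte bootstrap area, separately from the partition entries, tells you which of the two a finding refers to: a changed hash with an unchanged table is the classic overwritten-bootstrap case, while a new entry with unchanged code points at hidden storage instead.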


#6 Underattacked09

  • Topic Starter
  • Members
  • 33 posts

Posted 03 December 2010 - 11:54 PM

Hi Syler,

Thanks for your help in advance.

I ran the programs as you have instructed and it looked like it had found the malware and cured it, but I need you to confirm it for me.

Here are the logs from the TDSSKiller and OTL.

2010/12/03 20:27:58.0015 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/03 20:27:58.0015 ================================================================================
2010/12/03 20:27:58.0015 SystemInfo:
2010/12/03 20:27:58.0015
2010/12/03 20:27:58.0015 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/03 20:27:58.0015 Product type: Workstation
2010/12/03 20:27:58.0015 ComputerName: LOFAMILY
2010/12/03 20:27:58.0015 UserName: TL
2010/12/03 20:27:58.0015 Windows directory: C:\WINDOWS
2010/12/03 20:27:58.0015 System windows directory: C:\WINDOWS
2010/12/03 20:27:58.0015 Processor architecture: Intel x86
2010/12/03 20:27:58.0015 Number of processors: 1
2010/12/03 20:27:58.0015 Page size: 0x1000
2010/12/03 20:27:58.0015 Boot type: Normal boot
2010/12/03 20:27:58.0015 ================================================================================
2010/12/03 20:27:58.0218 Initialize success
2010/12/03 20:28:12.0546 ================================================================================
2010/12/03 20:28:12.0546 Scan started
2010/12/03 20:28:12.0546 Mode: Manual;
2010/12/03 20:28:12.0546 ================================================================================
2010/12/03 20:28:12.0781 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/12/03 20:28:12.0859 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/03 20:28:12.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/03 20:28:12.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/03 20:28:12.0953 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/03 20:28:13.0000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/03 20:28:13.0046 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/03 20:28:13.0062 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/03 20:28:13.0093 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/03 20:28:13.0109 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/03 20:28:13.0140 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/03 20:28:13.0156 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/03 20:28:13.0187 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/03 20:28:13.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/03 20:28:13.0265 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/03 20:28:13.0281 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/03 20:28:13.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/03 20:28:13.0375 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/03 20:28:13.0390 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/03 20:28:13.0421 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/03 20:28:13.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/03 20:28:13.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/03 20:28:13.0562 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/03 20:28:13.0609 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/03 20:28:13.0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/03 20:28:13.0687 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/12/03 20:28:13.0734 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/12/03 20:28:13.0765 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/12/03 20:28:13.0796 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/12/03 20:28:13.0828 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/12/03 20:28:13.0875 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/12/03 20:28:13.0906 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/12/03 20:28:13.0937 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/12/03 20:28:13.0968 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/12/03 20:28:14.0000 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/12/03 20:28:14.0093 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/03 20:28:14.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/03 20:28:14.0187 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/03 20:28:14.0218 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/03 20:28:14.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/03 20:28:14.0265 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/03 20:28:14.0312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/03 20:28:14.0375 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/03 20:28:14.0406 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/03 20:28:14.0468 Crypto (c56a413535292d9e43c563bbf946cbc1) C:\WINDOWS\system32\drivers\Crypto.sys
2010/12/03 20:28:14.0515 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/03 20:28:14.0546 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/03 20:28:14.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/03 20:28:14.0640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/03 20:28:14.0718 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/03 20:28:14.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/03 20:28:14.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/03 20:28:14.0859 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2010/12/03 20:28:14.0906 DniVap (88ea1b2acdd0536661d67fdd2f030dd2) C:\WINDOWS\system32\DRIVERS\vap.sys
2010/12/03 20:28:14.0937 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/03 20:28:15.0000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/03 20:28:15.0031 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/12/03 20:28:15.0062 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/12/03 20:28:15.0171 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/03 20:28:15.0312 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/12/03 20:28:15.0421 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2010/12/03 20:28:15.0531 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/03 20:28:15.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/03 20:28:15.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/03 20:28:15.0734 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/03 20:28:15.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/03 20:28:15.0843 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/03 20:28:15.0890 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/12/03 20:28:15.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/03 20:28:16.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/03 20:28:16.0109 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/03 20:28:16.0156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/03 20:28:16.0218 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/03 20:28:16.0265 hp4200c (9add235b564d7b3d27d97cb13ede8c0a) C:\WINDOWS\system32\DRIVERS\hp4200c.sys
2010/12/03 20:28:16.0312 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/03 20:28:16.0375 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/03 20:28:16.0437 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/03 20:28:16.0468 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/03 20:28:16.0484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/03 20:28:16.0531 iaStor (d7731536e183b4397402ca6f9e1d52f7) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/03 20:28:16.0578 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/03 20:28:16.0640 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/03 20:28:16.0687 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/03 20:28:16.0718 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/03 20:28:16.0765 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/03 20:28:16.0796 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/03 20:28:16.0828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/03 20:28:16.0859 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/03 20:28:16.0906 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/03 20:28:16.0953 IPSECDRV (e101e53684f0f3da7558e0c2dbee2a6f) C:\WINDOWS\system32\Drivers\IPSECDRV.sys
2010/12/03 20:28:17.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/03 20:28:17.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/03 20:28:17.0093 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2010/12/03 20:28:17.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/03 20:28:17.0171 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/03 20:28:17.0203 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/03 20:28:17.0265 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/03 20:28:17.0343 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
2010/12/03 20:28:17.0375 LHidUsb (a8742865e15a57b426efcc5ff744d6d3) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2010/12/03 20:28:17.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/03 20:28:17.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/03 20:28:17.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/03 20:28:17.0640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/03 20:28:17.0671 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/03 20:28:17.0703 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/03 20:28:17.0734 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/03 20:28:17.0812 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/03 20:28:17.0875 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/12/03 20:28:17.0906 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/03 20:28:17.0984 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/03 20:28:18.0015 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/03 20:28:18.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/03 20:28:18.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/03 20:28:18.0109 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/03 20:28:18.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/03 20:28:18.0218 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2010/12/03 20:28:18.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/03 20:28:18.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/03 20:28:18.0328 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/03 20:28:18.0375 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/03 20:28:18.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/03 20:28:18.0437 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/03 20:28:18.0468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/03 20:28:18.0531 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/03 20:28:18.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/03 20:28:18.0609 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/03 20:28:18.0671 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/03 20:28:18.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/03 20:28:18.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/03 20:28:18.0984 nv (ce34061a298bfb4ebd1a0bb8592dc977) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/03 20:28:19.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/03 20:28:19.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/03 20:28:19.0265 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/03 20:28:19.0296 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/12/03 20:28:19.0343 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/03 20:28:19.0375 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/03 20:28:19.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/03 20:28:19.0453 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/03 20:28:19.0500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/03 20:28:19.0578 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/03 20:28:19.0609 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/03 20:28:19.0656 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2010/12/03 20:28:19.0796 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/03 20:28:19.0828 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/03 20:28:19.0921 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/03 20:28:19.0953 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/03 20:28:19.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/03 20:28:20.0031 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/03 20:28:20.0078 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/03 20:28:20.0093 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/03 20:28:20.0125 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/03 20:28:20.0156 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/03 20:28:20.0187 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/03 20:28:20.0218 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/03 20:28:20.0265 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/03 20:28:20.0312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/03 20:28:20.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/03 20:28:20.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/03 20:28:20.0437 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/03 20:28:20.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/03 20:28:20.0531 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/03 20:28:20.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/03 20:28:20.0687 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/03 20:28:20.0703 sasenum (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/03 20:28:20.0750 saskutil (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/03 20:28:20.0843 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/03 20:28:20.0906 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/12/03 20:28:20.0984 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/03 20:28:21.0031 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/03 20:28:21.0078 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/03 20:28:21.0156 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/03 20:28:21.0187 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/03 20:28:21.0234 smwdm (86c4d93b7b7818d066c52fdb03c6c921) C:\WINDOWS\system32\drivers\smwdm.sys
2010/12/03 20:28:21.0281 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/03 20:28:21.0312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/03 20:28:21.0343 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/03 20:28:21.0406 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/03 20:28:21.0468 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/12/03 20:28:21.0500 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/12/03 20:28:21.0531 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/03 20:28:21.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/03 20:28:21.0609 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/03 20:28:21.0671 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/03 20:28:21.0687 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/03 20:28:21.0718 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/03 20:28:21.0750 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/03 20:28:21.0812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/03 20:28:21.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/03 20:28:21.0953 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/03 20:28:21.0984 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/03 20:28:22.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/03 20:28:22.0078 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/12/03 20:28:22.0125 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/12/03 20:28:22.0140 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/12/03 20:28:22.0187 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2010/12/03 20:28:22.0218 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/12/03 20:28:22.0250 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/12/03 20:28:22.0265 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/12/03 20:28:22.0296 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/12/03 20:28:22.0312 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/12/03 20:28:22.0359 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/03 20:28:22.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/03 20:28:22.0453 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/03 20:28:22.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/03 20:28:22.0593 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/03 20:28:22.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/03 20:28:22.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/03 20:28:22.0750 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/03 20:28:22.0812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/03 20:28:22.0843 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/03 20:28:22.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/03 20:28:22.0906 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/03 20:28:22.0968 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/03 20:28:23.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/03 20:28:23.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/03 20:28:23.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/03 20:28:23.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/03 20:28:23.0265 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/03 20:28:23.0312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/03 20:28:23.0359 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/03 20:28:23.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/03 20:28:23.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/03 20:28:23.0546 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/03 20:28:23.0562 ================================================================================
2010/12/03 20:28:23.0562 Scan finished
2010/12/03 20:28:23.0562 ================================================================================
2010/12/03 20:28:23.0578 Detected object count: 1
2010/12/03 20:28:45.0156 \HardDisk1 - will be cured after reboot
2010/12/03 20:28:45.0156 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/03 20:28:52.0109 Deinitialize succes

OTL Log

OTL logfile created on: 12/3/2010 8:34:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\TL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 8.81 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 116.39 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Computer Name: LOFAMILY | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
PRC - [2010/10/27 20:08:53 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 11:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 16:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 16:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 04:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 02:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/02/05 14:00:56 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/07/13 14:01:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/14 03:44:16 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/11/11 17:50:15 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/10/14 12:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
PRC - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
PRC - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
PRC - [2004/06/29 08:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2004/01/06 22:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 08:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2008/12/25 08:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll
MOD - [2004/03/18 08:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/11 11:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 00:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (fsusbexservice)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (servicelayer)
SRV - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -- (IPSECMON)
SRV - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -- (IreIKE)
SRV - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (usbaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 18:28:23 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (saskutil)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum)
DRV - [2009/11/06 17:26:57 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/05 08:30:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/25 08:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/05 22:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 22:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 22:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 22:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 22:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 22:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 22:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 22:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 22:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 00:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/22 23:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IpSecDrv.sys -- (IPSECDRV)
DRV - [2004/07/30 13:20:44 | 000,000,136 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sig -- (Crypto)
DRV - [2004/07/14 08:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/29 08:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/10 12:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2004/03/03 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lhidusb.sys -- (LHidUsb)
DRV - [2004/03/03 08:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/09/05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/12/14 15:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hp4200c.sys -- (hp4200c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 14:08:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/10/29 21:23:09 | 000,000,151 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\SYSTEM32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [msci] C:\DOCUME~1\TL\LOCALS~1\Temp\2009919144339_mcinfo.exe File not found
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe File not found
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 10:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/03 20:33:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/03 20:27:50 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/12/02 20:50:22 | 000,000,000 | ---D | C] -- C:\gmer
[2010/11/21 16:07:42 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2010/11/21 14:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/20 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/11/20 21:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/20 17:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/20 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/18 16:17:34 | 015,459,304 | ---- | C] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/10 22:03:53 | 000,000,000 | ---D | C] -- C:\ATT U-VERSE
[2010/11/08 08:14:02 | 000,000,000 | ---D | C] -- C:\FLV
[2010/11/08 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\My Documents\Any DVD Converter Professional
[2010/11/08 08:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\Application Data\AnvSoft
[2009/11/06 17:38:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[1979/12/31 21:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/03 20:30:39 | 000,206,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/03 20:30:31 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/03 20:30:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/03 20:30:01 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:42:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/02 17:20:50 | 000,288,107 | ---- | M] () -- C:\gmer.zip
[2010/12/02 17:17:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/11/21 21:25:58 | 099,807,193 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/21 18:21:50 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 16:07:23 | 001,836,413 | ---- | M] () -- C:\ProcessExplorer.zip
[2010/11/21 10:48:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 18:11:44 | 005,582,383 | ---- | M] () -- C:\UVRT-v1.6.0.0-Installer.exe
[2010/11/18 16:18:23 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/18 16:18:23 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\DVDFab 8.lnk
[2010/11/18 16:17:34 | 015,459,304 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/11/07 08:51:59 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2010/11/07 08:51:59 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[2010/11/07 08:51:59 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2010/11/07 08:51:59 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2010/11/07 06:07:53 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 06:07:53 | 000,066,656 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/05 08:30:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\My Documents\PDVD_MediaDisc.PlayList
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\fuluvufa
[2010/12/02 20:51:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:50:22 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/12/02 20:50:13 | 000,288,107 | ---- | C] () -- C:\gmer.zip
[2010/12/02 20:50:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/11/21 21:29:04 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 21:21:46 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 16:07:08 | 001,836,413 | ---- | C] () -- C:\ProcessExplorer.zip
[2010/11/18 18:11:44 | 005,582,383 | ---- | C] () -- C:\UVRT-v1.6.0.0-Installer.exe
[2010/03/19 19:11:00 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\Jd7i63U6u
[2010/03/19 19:11:00 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Jd7i63U6u
[2010/02/01 20:27:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2009/11/06 17:38:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2009/11/06 17:38:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2009/11/06 17:38:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2009/11/06 17:38:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.log
[2009/07/05 08:57:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/05 08:57:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/05 08:57:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\$_hpcst$.hpc
[2009/04/26 06:03:42 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 08:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 08:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/25 08:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 08:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/04 09:37:18 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2007/08/04 09:31:33 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2007/08/04 09:31:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2007/08/04 09:31:19 | 000,005,106 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2007/08/04 09:31:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/03/28 19:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 22:15:31 | 000,000,019 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2006/12/23 21:25:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/28 19:30:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/11/27 22:26:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/11/27 22:26:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/11/27 22:26:09 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/09/16 09:58:52 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\FixVTS.ini
[2006/04/15 11:09:07 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/26 14:43:23 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_1.IFO
[2006/03/26 14:43:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_0.IFO
[2006/02/16 20:58:12 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_1.IFO
[2006/02/16 20:58:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_0.IFO
[2006/02/16 19:58:03 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2005/12/18 14:56:28 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_1.IFO
[2005/12/18 14:56:28 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_0.IFO
[2005/10/09 13:17:00 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_2.IFO
[2005/10/09 13:17:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_3.IFO
[2005/10/09 13:17:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_1.IFO
[2005/10/09 13:17:00 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_0.IFO
[2005/10/05 19:34:52 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_1.IFO
[2005/10/05 19:34:52 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_2.IFO
[2005/10/05 19:34:52 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_0.IFO
[2005/10/05 19:09:53 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_1.IFO
[2005/10/05 19:09:53 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_2.IFO
[2005/10/05 19:09:53 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_0.IFO
[2005/10/05 10:56:05 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_2.IFO
[2005/10/05 10:56:05 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_3.IFO
[2005/10/05 10:56:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_1.IFO
[2005/10/05 10:56:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_0.IFO
[2005/09/30 19:44:41 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_1.IFO
[2005/09/30 19:44:41 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_2.IFO
[2005/09/30 19:44:41 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_3.IFO
[2005/09/30 19:44:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_0.IFO
[2005/09/21 19:41:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/20 17:30:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2005/09/20 16:06:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2005/09/20 06:35:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/20 06:35:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/20 06:35:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/04 12:39:24 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/02 22:08:19 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/24 08:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/07/31 15:39:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/07/25 06:19:53 | 000,001,053 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/07/24 05:36:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_6.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_5.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_4.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_3.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_2.IFO
[2005/07/12 20:28:59 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_1.IFO
[2005/07/12 20:28:59 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_0.IFO
[2005/07/12 19:38:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_1.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_6.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_5.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_4.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_3.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_2.IFO
[2005/07/12 19:38:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_0.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_6.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_5.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_4.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_3.IFO
[2005/07/12 19:37:15 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_1.IFO
[2005/07/12 19:37:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_0.IFO
[2005/07/12 19:37:15 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_2.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_6.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_5.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_4.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_3.IFO
[2005/07/12 19:35:40 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_1.IFO
[2005/07/12 19:35:40 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_0.IFO
[2005/07/12 19:35:40 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_2.IFO
[2005/07/12 18:45:23 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_6.IFO
[2005/07/12 18:45:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_1.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_5.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_4.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_3.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_2.IFO
[2005/07/12 18:45:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_0.IFO
[2005/07/10 17:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/06/29 19:02:09 | 000,000,137 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/06/29 18:58:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/06/27 20:25:32 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\fusioncache.dat
[2005/06/27 08:33:03 | 000,001,441 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/26 21:43:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/06/26 20:53:01 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/26 20:43:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/26 20:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/06/26 20:35:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2005/04/12 16:53:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/12 16:51:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/12 16:21:06 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 05:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 10:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 10:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1997/09/12 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/12/31 21:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2005/07/20 04:54:13 | 002,855,080 | ---- | M] () -- C:\aawsepersonal.exe
[2006/12/23 21:29:05 | 000,535,640 | ---- | M] () -- C:\AOLDNLD.EXE
[2009/04/16 12:10:30 | 015,480,417 | ---- | M] (Any-Video-Converter.com ) -- C:\avc-free.exe
[2010/03/20 05:45:40 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_9_40_cnet.exe
[2009/04/12 07:56:35 | 054,364,552 | ---- | M] (Online Media Technologies Ltd. ) -- C:\AVSVideoConverter.exe
[2010/01/13 21:29:52 | 000,505,064 | ---- | M] (Warner Bros.) -- C:\DigitalCopyBD.exe
[2010/11/03 07:12:00 | 006,599,680 | ---- | M] () -- C:\DingInstall-1.05.exe
[2009/04/15 19:13:34 | 000,366,184 | ---- | M] (Digital River, Inc.) -- C:\Download_UltimateSuiteReg.exe
[2006/03/16 20:32:17 | 000,521,403 | ---- | M] ( ) -- C:\DVD43_3-7-0_Setup.exe
[2006/06/07 17:50:19 | 000,526,018 | ---- | M] ( ) -- C:\DVD43_3-9-0_Setup.exe
[2009/11/06 15:50:36 | 000,568,900 | ---- | M] ( ) -- C:\DVD43_4-6-0_Setup.exe
[2009/11/06 16:15:16 | 013,107,968 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab6125.exe
[2010/06/22 19:47:07 | 013,833,720 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab7070.exe
[2010/11/18 16:17:34 | 015,459,304 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2009/07/03 16:02:46 | 003,342,809 | ---- | M] () -- C:\eMule0.49c-Installer.exe
[2010/01/17 19:30:28 | 008,087,352 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.5.7.exe
[2009/04/12 18:03:50 | 004,998,707 | ---- | M] () -- C:\flvplayer_setup.exe
[2009/04/16 12:15:50 | 006,529,156 | ---- | M] () -- C:\HandBrake-0.9.3-Win_GUI.exe
[2006/10/23 21:26:39 | 015,520,048 | ---- | M] (Microsoft Corporation) -- C:\IE7-WindowsXP-x86-enu.exe
[2005/09/04 14:15:23 | 006,765,354 | ---- | M] () -- C:\InCD-4.3.20.1.exe
[2009/08/15 14:54:10 | 077,976,864 | ---- | M] (Apple Inc.) -- C:\iTunesSetup1.exe
[2003/12/27 16:23:00 | 000,332,288 | ---- | M] () -- C:\keygen.exe
[2009/02/06 18:22:54 | 002,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2005/09/21 11:47:43 | 000,344,064 | ---- | M] (ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Phone: ++49-7248-911-800
Fax: ++49-7248-911-888
e-mail: info@ahead.de) -- C:\mp3pro_11925727tommylo_33yahooco_3668.exe
[2005/09/04 14:05:33 | 034,235,626 | ---- | M] () -- C:\Nero-6.6.0.16.exe
[2005/09/27 17:27:52 | 001,346,688 | ---- | M] (Gteko Ltd.) -- C:\NetSet.exe
[2005/09/04 14:20:05 | 007,545,056 | ---- | M] () -- C:\NMP-1.4.0.35.exe
[2005/09/04 14:37:52 | 037,492,192 | ---- | M] () -- C:\NVE-3.1.0.16.exe
[2005/06/30 18:56:12 | 003,360,364 | ---- | M] () -- C:\PartyPokerSetup.exe
[2006/06/02 14:22:42 | 002,977,559 | ---- | M] () -- C:\PgcEdit.exe
[2008/01/27 11:09:20 | 001,506,795 | ---- | M] () -- C:\PotC-setup.exe
[2005/09/08 20:00:43 | 008,145,920 | ---- | M] () -- C:\puttrace.exe
[2008/09/24 21:26:10 | 001,346,560 | ---- | M] (Matsushita Electric Industrial Co., Ltd. ) -- C:\sdfv2003.exe
[2010/06/27 13:25:03 | 014,249,472 | ---- | M] () -- C:\SeaToolsforWindowsSetup-1202.exe
[2006/06/07 19:53:07 | 000,899,414 | ---- | M] () -- C:\SetupDVDDecrypter_3.5.4.0.exe
[2010/05/09 13:46:40 | 177,128,988 | ---- | M] () -- C:\SGalaxy184.exe
[2010/06/10 20:01:06 | 006,259,064 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe
[2006/11/27 22:24:41 | 036,422,256 | ---- | M] () -- C:\sj655en.exe
[2008/09/24 21:34:53 | 002,074,384 | ---- | M] (Hewlett-Packard ) -- C:\SP27608.exe
[2009/06/01 05:30:21 | 012,302,014 | ---- | M] (InstallShield Software Corporation) -- C:\streetsmartpro42.exe
[2010/11/18 18:11:44 | 005,582,383 | ---- | M] () -- C:\UVRT-v1.6.0.0-Installer.exe
[2008/06/26 10:17:54 | 009,533,951 | ---- | M] (Macrovision Corporation) -- C:\ViewMate.10.0.30.exe
[2009/04/17 17:49:31 | 010,272,854 | ---- | M] () -- C:\VioVideoConverterSetup.exe
[2009/03/06 15:11:58 | 001,234,120 | ---- | M] () -- C:\wrar380.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:juzdij
@Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A27B60F

< End of report >

Extra log

OTL Extras logfile created on: 12/3/2010 8:34:33 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\TL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 8.81 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 116.39 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Computer Name: LOFAMILY | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Schwab\SSPro\SSPro.exe" = C:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe" = C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Ahead software AG)
"C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe" = C:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe:*:Enabled:ZoomBrowser -- ()
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\dvd43\DVD43_Tray.exe" = C:\Program Files\dvd43\DVD43_Tray.exe:*:Enabled:dvd43_tray -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe:*:Enabled:IreIke -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp -- (SafeNet)
"C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe" = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager -- (SafeNet)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NETGEAR ProSafe VPN Client
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{6811caa0-bf12-11d4-9ea1-0050bae317e1}" = PowerDVD
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7e84fac8-c518-40f9-9807-7455301d6d25}" = SamsungConnectivityCableDriver
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{994E24A6-EC47-4201-8D0B-D4563B7AD66B}" = CivCity
"{99ecf41f-5cca-42bd-b8b8-a8333e2e2944}" = iTunes
"{9E694B64-864C-4F22-8229-12D53CA93E94}" = Video Explosion Deluxe
"{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}" = DiscWizard for Windows
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{ac599724-5755-48c1-abe7-abb857652930}" = PC Connectivity Solution
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D6BB50-1911-11DB-6784-0DE05EAD18BE}" = VIDEO GAME TYCOON : Gold Edition
"{c78eac6f-7a73-452e-8134-dbb2165c5a68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cddcbbf1-2703-46bc-938b-bcc81a1eeaaa}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5E5682B-2798-457B-BBF7-0892B58EFF3A}" = Maxtor Manager
"{D9C2B5E2-4E89-4BD2-AFAA-772E37FA1ADF}" = Netflix Preview Player
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{e9ed0801-253d-4fe9-ab20-f63defe72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{f193fc0e-9e18-40fc-a974-509a1bdd240a}" = Samsung New PC Studio
"1Click DVD Copy_is1" = 1Click DVD Copy 4.2.9.2
"3a5defa413dde699dba6ebe0a63534aca524d30f" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"6194c28a8f62dd817ea1b918e6e46e806a21b452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65b6fe5418ce28f4d72543fb2d964c3cec83f161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 8.0" = Adobe Illustrator 8.0
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Alphabet Express" = Alphabet Express
"Any Video Converter_is1" = Any Video Converter 2.7.2
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"AviSynth" = AviSynth 2.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP3g.DLL" = Canon S900
"CopyToDVD_is1" = CopyToDVD
"CSCLIB" = Canon Camera Support Core Library
"dcmsvc_is1" = dcmsvc 1.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"EOS Utility" = Canon Utilities EOS Utility
"FLV Player" = FLV Player 2.0 (build 25)
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP PrecisionScan LT Software" = HP PrecisionScan LT Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{D5E5682B-2798-457B-BBF7-0892B58EFF3A}" = Maxtor Manager
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"installshield_{e9ed0801-253d-4fe9-ab20-f63defe72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"installshield_{f193fc0e-9e18-40fc-a974-509a1bdd240a}" = Samsung New PC Studio
"Lego Star Wars: The Complete Saga: Prima Official eGuide" = Lego Star Wars: The Complete Saga: Prima Official eGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"Nero PhotoShow Express" = Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NG Explorer Ghost Fleet 1.0.0" = NG Explorer Ghost Fleet
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"samsung mobile composite device" = SAMSUNG Mobile Composite Device Software
"samsung mobile phone usb driver" = Samsung Mobile phone USB driver Software
"samsung mobile usb modem" = SAMSUNG Mobile USB Modem Software
"samsung mobile usb modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shattered Galaxy" = Shattered Galaxy
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TurboTax 2009" = TurboTax 2009
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VioVideoConverter" = Vio Video Converter 1.0
"walmart mp3 music downloads" = Walmart MP3 Music Downloads
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for TL
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2010 6:21:11 PM | Computer Name = LOFAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/21/2010 9:18:35 PM | Computer Name = LOFAMILY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 7.0.6000.17092, fault address 0x0010724a.

Error - 11/22/2010 1:38:34 AM | Computer Name = LOFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/22/2010 12:13:07 PM | Computer Name = LOFAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 11/22/2010 12:13:07 PM | Computer Name = LOFAMILY | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/22/2010 12:13:57 PM | Computer Name = LOFAMILY | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Visio Professional 2003 -- Error 1402. Setup
cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
your Information Technology department for assistance.

Error - 11/22/2010 12:14:25 PM | Computer Name = LOFAMILY | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Visio Professional 2003 - Update 'Visio
2003 Service Pack 3 (SP3): VISIOSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/22/2010 12:20:55 PM | Computer Name = LOFAMILY | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/25/2010 12:54:59 PM | Computer Name = LOFAMILY | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Visio Professional 2003 -- Error 1402. Setup
cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
your Information Technology department for assistance.

Error - 11/25/2010 12:55:23 PM | Computer Name = LOFAMILY | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Visio Professional 2003 - Update 'Visio
2003 Service Pack 3 (SP3): VISIOSP3' could not be installed. Error code 1603. Windows
Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ OSession Events ]
Error - 7/4/2010 1:36:16 PM | Computer Name = LOFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13318
seconds with 120 seconds of active time. This session ended with a crash.

Error - 8/5/2010 9:20:56 PM | Computer Name = LOFAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 83
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/3/2010 12:44:43 AM | Computer Name = LOFAMILY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/3/2010 12:55:24 AM | Computer Name = LOFAMILY | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 8995b320, parameter3
8995bb48, parameter4 1b050010.

Error - 12/3/2010 12:55:28 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 12/3/2010 12:59:20 AM | Computer Name = LOFAMILY | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 89a01168, parameter3
89a01990, parameter4 1b0501ca.

Error - 12/3/2010 12:59:24 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 12/3/2010 1:18:38 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 12/3/2010 1:18:40 AM | Computer Name = LOFAMILY | Source = System Error | ID = 1003
Description = Error code 00000019, parameter1 00000020, parameter2 89882460, parameter3
89882c88, parameter4 1b050027.

Error - 12/4/2010 12:18:42 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 12/4/2010 12:25:36 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 12/4/2010 12:31:06 AM | Computer Name = LOFAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 December 2010 - 11:26 AM

It looks like we have got the main threat; there is still a bit to clean up in your logs, though. Can you tell me how your computer is running now and if you are still having any problems?


Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] File not found
    O4 - HKLM..\Run: [msci] C:\DOCUME~1\TL\LOCALS~1\Temp\2009919144339_mcinfo.exe File not found
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    O4 - HKCU..\Run: [GameShadow] C:\Program Files\GameShadow\GameShadow.exe File not found
    O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe File not found
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
    [2010/11/18 18:11:44 | 005,582,383 | ---- | M] () -- C:\UVRT-v1.6.0.0-Installer.exe
    [2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\fuluvufa
    [2010/03/19 19:11:00 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\Jd7i63U6u
    [2010/03/19 19:11:00 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Jd7i63U6u
    [2003/12/27 16:23:00 | 000,332,288 | ---- | M] () -- C:\keygen.exe
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:juzdij
    @Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A27B60F
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    "FirewallOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"=-
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"=-
    "C:\Program Files\America Online 9.0\waol.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG8\avgupd.exe"=-
    "C:\Program Files\AVG\AVG8\avgnsx.exe"=-
    "C:\WINDOWS\explorer.exe"=-
    :Commands
    [Resethosts]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it in your reply.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

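The fix script above is built from a handful of scan lines that a malware responder treats as red flags: an Internet Explorer proxy pointing at 127.0.0.1 (something on the box is sitting between the browser and the network), a per-user `.exe` handler under HKCU (the O37 line, which lets an infection intercept every program launch for that account), hidden files with no publisher and a timestamp in the year 2099, and alternate data streams with random names. The following triage script is an added example, not part of syler's post and not code from OTL; it assumes only the line shapes quoted in the script above, and its sample lines are constructed from those values. It flags each of those patterns with a severity so a reader can see why each line ended up in the fix, and ignores benign look-alikes (a corporate proxy, a `Zone.Identifier` stream).

```python
import re
from collections import Counter
from datetime import date
from ipaddress import ip_address

# Constructed sample: the line shapes are those OTL prints in a scan, and the
# values (proxy, paths, names) are taken from the fix script posted above.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    r'O4 - HKLM..\Run: [msci] C:\DOCUME~1\TL\LOCALS~1\Temp\2009919144339_mcinfo.exe File not found',
    r'O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found',
    r'O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found',
    r'[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\fuluvufa',
    r'[2010/03/19 19:11:00 | 000,009,364 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\Jd7i63U6u',
    r'@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\Prairie Wind.bmp:juzdij',
]

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
ORPHAN_RUN_RE = re.compile(r'^O4 - .*File not found$')
USER_EXE_ASSOC_RE = re.compile(r'^O37 - HKCU\\.*\.exe')
# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<year>\d{4})/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| '
    r'(?P<attrs>[-A-Z]{4}) \| [A-Z]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


def proxy_targets(value):
    """Split an IE ProxyServer value into (scheme, host, port) triples.
    Accepts both 'host:port' and 'http=host:port;https=host:port' forms."""
    for part in value.split(';'):
        scheme, _, hostport = part.rpartition('=')
        host, sep, port = hostport.rpartition(':')
        if not sep:
            host, port = hostport, ''
        yield (scheme or 'all', host, port)


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name localhost."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def triage(lines, today_year=None):
    """Return one finding dict per suspicious line; benign lines yield nothing."""
    today_year = today_year or date.today().year
    findings = []

    def add(sev, cat, detail, line):
        findings.append({'severity': sev, 'category': cat, 'detail': detail, 'line': line})

    for line in lines:
        line = line.strip()
        m = PROXY_RE.search(line)
        if m:
            # A proxy on the machine itself means a local process sees all browser traffic.
            for scheme, host, port in proxy_targets(m.group('value')):
                if is_loopback(host):
                    add('high', 'loopback-proxy',
                        f'{scheme} traffic routed through {host}:{port} on this machine', line)
            continue
        if USER_EXE_ASSOC_RE.match(line):
            add('high', 'exe-association-hijack',
                'per-user handler for .exe shadows the machine-wide one', line)
            continue
        if ORPHAN_RUN_RE.match(line):
            add('low', 'orphan-autostart', 'Run entry points at a file that no longer exists', line)
            continue
        m = FILE_RE.match(line)
        if m:
            year = int(m.group('year'))
            if year > today_year:
                add('high', 'future-timestamp', f'file dated {year}, later than today', line)
            elif 'H' in m.group('attrs') and not m.group('company'):
                add('medium', 'hidden-unattributed-file', 'hidden file with no company name', line)
            continue
        m = ADS_RE.match(line)
        if m:
            # Zone.Identifier is the normal "downloaded from the Internet" mark; anything else is odd.
            stream = m.group('path').rsplit(':', 1)[-1]
            if stream != 'Zone.Identifier':
                add('medium', 'alternate-data-stream',
                    f'{m.group("size")} bytes hidden in stream {stream}', line)
    return findings


def count_by_severity(findings):
    """Tally findings so a responder can see at a glance what is urgent."""
    return dict(Counter(f['severity'] for f in findings))


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity']:6}] {f['category']}: {f['detail']}")
    print(count_by_severity(triage(SAMPLE_LINES)))
```

The `ProxyOverride = <local>` line produces no finding on its own; it only matters together with the loopback `ProxyServer`, which is why the fix script clears both. Run against the sample, the script reports three high findings (the proxy, the O37 handler and the 2099-dated file), two medium and two low.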


#8 Underattacked09

Underattacked09
  • Topic Starter

  • Members
  • 33 posts

Posted 04 December 2010 - 10:12 PM

Hi Syler,

The computer is running O.K. now, like before. Here is the fix log.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Logitech Hardware Abstraction Layer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msci deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GameShadow deleted successfully.
C:\Documents and Settings\TL\Start Menu\Programs\Startup\Warner Bros.lnk moved successfully.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control PackageCab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PackageCab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\UVRT-v1.6.0.0-Installer.exe moved successfully.
C:\WINDOWS\SYSTEM32\fuluvufa moved successfully.
C:\Documents and Settings\TL\Local Settings\Application Data\Jd7i63U6u moved successfully.
C:\Documents and Settings\All Users\Application Data\Jd7i63U6u moved successfully.
C:\keygen.exe moved successfully.
ADS C:\WINDOWS\Prairie Wind.bmp:juzdij deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A27B60F deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DisableNotifications"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.LOFAMILY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10457196 bytes
->Flash cache emptied: 2929 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 165758452 bytes
->Flash cache emptied: 17496 bytes

User: TL
->Temp folder emptied: 1756831895 bytes
->Temporary Internet Files folder emptied: 60247505 bytes
->Java cache emptied: 29121075 bytes
->Flash cache emptied: 2531156 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3244049 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14923325 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 78170862 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,023.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.LOFAMILY
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: TL
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12042010_180155

Files\Folders moved on Reboot...
C:\Documents and Settings\TL\Local Settings\Temporary Internet Files\Content.IE5\S6JUL1L0\page__p__2028368__fromsearch__1[1].html moved successfully.
C:\Documents and Settings\TL\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

OTL Log

OTL logfile created on: 12/4/2010 7:04:47 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\TL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 10.54 Gb Free Space | 14.84% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 116.39 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Computer Name: LOFAMILY | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 21:10:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/02/05 14:00:56 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/07/13 14:01:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/14 03:44:16 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/11/11 17:50:15 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/10/14 12:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
PRC - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
PRC - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
PRC - [2004/06/29 08:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 08:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2008/12/25 08:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll
MOD - [2004/03/18 08:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (fsusbexservice)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (servicelayer)
SRV - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -- (IPSECMON)
SRV - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -- (IreIKE)
SRV - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (usbaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 18:28:23 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (saskutil)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum)
DRV - [2009/11/06 17:26:57 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/05 08:30:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/25 08:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/05 22:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 22:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 22:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 22:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 22:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 22:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 22:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 22:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 22:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 00:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/22 23:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IpSecDrv.sys -- (IPSECDRV)
DRV - [2004/07/30 13:20:44 | 000,000,136 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sig -- (Crypto)
DRV - [2004/07/14 08:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/29 08:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/10 12:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2004/03/03 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lhidusb.sys -- (LHidUsb)
DRV - [2004/03/03 08:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/09/05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/12/14 15:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hp4200c.sys -- (hp4200c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/03 21:00:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/04 18:02:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\SYSTEM32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 10:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/04 18:01:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/04 17:54:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/12/03 20:33:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/03 20:27:50 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/12/02 20:50:22 | 000,000,000 | ---D | C] -- C:\gmer
[2010/11/21 16:07:42 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2010/11/21 14:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/20 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/11/20 21:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/20 17:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/20 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/18 16:17:34 | 015,459,304 | ---- | C] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/10 22:03:53 | 000,000,000 | ---D | C] -- C:\ATT U-VERSE
[2010/11/08 08:14:02 | 000,000,000 | ---D | C] -- C:\FLV
[2010/11/08 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\My Documents\Any DVD Converter Professional
[2010/11/08 08:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\Application Data\AnvSoft
[2009/11/06 17:38:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[1979/12/31 21:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/12/04 18:59:18 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/04 18:59:16 | 000,206,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/04 18:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/04 18:58:24 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/04 18:02:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/12/04 17:53:45 | 100,967,222 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/04 17:52:02 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe
[2010/12/03 21:00:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:42:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/02 17:20:50 | 000,288,107 | ---- | M] () -- C:\gmer.zip
[2010/12/02 17:17:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/11/21 18:21:50 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 16:07:23 | 001,836,413 | ---- | M] () -- C:\ProcessExplorer.zip
[2010/11/21 10:48:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 16:18:23 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/18 16:18:23 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\DVDFab 8.lnk
[2010/11/18 16:17:34 | 015,459,304 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/11/07 08:51:59 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2010/11/07 08:51:59 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[2010/11/07 08:51:59 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2010/11/07 08:51:59 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2010/11/07 06:07:53 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 06:07:53 | 000,066,656 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/11/05 08:30:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\My Documents\PDVD_MediaDisc.PlayList

========== Files Created - No Company Name ==========

[2010/12/04 17:52:22 | 000,132,597 | ---- | C] () -- C:\Flash_Disinfector.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:50:22 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/12/02 20:50:13 | 000,288,107 | ---- | C] () -- C:\gmer.zip
[2010/12/02 20:50:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/11/21 21:29:04 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 21:21:46 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 16:07:08 | 001,836,413 | ---- | C] () -- C:\ProcessExplorer.zip
[2010/02/01 20:27:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2009/11/06 17:38:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2009/11/06 17:38:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2009/11/06 17:38:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2009/11/06 17:38:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.log
[2009/07/05 08:57:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/05 08:57:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/05 08:57:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\$_hpcst$.hpc
[2009/04/26 06:03:42 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 08:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 08:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/25 08:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 08:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/04 09:37:18 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2007/08/04 09:31:33 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2007/08/04 09:31:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2007/08/04 09:31:19 | 000,005,106 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2007/08/04 09:31:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/03/28 19:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 22:15:31 | 000,000,019 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2006/12/23 21:25:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/28 19:30:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/11/27 22:26:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/11/27 22:26:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/11/27 22:26:09 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/09/16 09:58:52 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\FixVTS.ini
[2006/04/15 11:09:07 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/26 14:43:23 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_1.IFO
[2006/03/26 14:43:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_0.IFO
[2006/02/16 20:58:12 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_1.IFO
[2006/02/16 20:58:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_0.IFO
[2006/02/16 19:58:03 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2005/12/18 14:56:28 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_1.IFO
[2005/12/18 14:56:28 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_0.IFO
[2005/10/09 13:17:00 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_2.IFO
[2005/10/09 13:17:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_3.IFO
[2005/10/09 13:17:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_1.IFO
[2005/10/09 13:17:00 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_0.IFO
[2005/10/05 19:34:52 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_1.IFO
[2005/10/05 19:34:52 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_2.IFO
[2005/10/05 19:34:52 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_0.IFO
[2005/10/05 19:09:53 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_1.IFO
[2005/10/05 19:09:53 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_2.IFO
[2005/10/05 19:09:53 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_0.IFO
[2005/10/05 10:56:05 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_2.IFO
[2005/10/05 10:56:05 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_3.IFO
[2005/10/05 10:56:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_1.IFO
[2005/10/05 10:56:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_0.IFO
[2005/09/30 19:44:41 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_1.IFO
[2005/09/30 19:44:41 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_2.IFO
[2005/09/30 19:44:41 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_3.IFO
[2005/09/30 19:44:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_0.IFO
[2005/09/21 19:41:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/20 17:30:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2005/09/20 16:06:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2005/09/20 06:35:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/20 06:35:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/20 06:35:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/04 12:39:24 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/02 22:08:19 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/24 08:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/07/31 15:39:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/07/25 06:19:53 | 000,001,053 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/07/24 05:36:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_6.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_5.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_4.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_3.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_2.IFO
[2005/07/12 20:28:59 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_1.IFO
[2005/07/12 20:28:59 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_0.IFO
[2005/07/12 19:38:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_1.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_6.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_5.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_4.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_3.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_2.IFO
[2005/07/12 19:38:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_0.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_6.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_5.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_4.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_3.IFO
[2005/07/12 19:37:15 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_1.IFO
[2005/07/12 19:37:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_0.IFO
[2005/07/12 19:37:15 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_2.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_6.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_5.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_4.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_3.IFO
[2005/07/12 19:35:40 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_1.IFO
[2005/07/12 19:35:40 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_0.IFO
[2005/07/12 19:35:40 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_2.IFO
[2005/07/12 18:45:23 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_6.IFO
[2005/07/12 18:45:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_1.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_5.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_4.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_3.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_2.IFO
[2005/07/12 18:45:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_0.IFO
[2005/07/10 17:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/06/29 19:02:09 | 000,000,137 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/06/29 18:58:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/06/27 20:25:32 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\fusioncache.dat
[2005/06/27 08:33:03 | 000,001,441 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/26 21:43:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/06/26 20:53:01 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/26 20:43:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/26 20:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/06/26 20:35:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2005/04/12 16:53:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/12 16:51:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/12 16:21:06 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 05:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 10:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 10:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1997/09/12 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/12/31 21:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

< End of report >

Thanks for your help

#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 05 December 2010 - 01:37 PM

Hi Underattacked09,

Your logs are looking better now, let's do one more check to make sure we got everything.


Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:

    Remove Useless JRE Files
    Remove Startup Entry

  • Click Go then ok to all the prompts, once done restart your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
    O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
    O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
    O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
    O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
    O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it in your reply.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Then please post back with the OTL logs and ESET report.

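The O33 lines in the fix above are Explorer's per-volume MountPoints2 keys, where a USB-borne infection plants Shell\AutoRun, open and explore command values so its payload runs when the drive is opened. As an added example, not part of the thread and not OTL's own code, this PowerShell script lists those command values for the current user and flags any that do not launch from the system or Program Files directories (that trusted-directory heuristic is my assumption, not OTL's logic); it only reports and removes nothing.

```powershell
# Added example, not from the thread or from OTL. Audits the keys behind the
# O33 - MountPoints2 lines: one {GUID} subkey per volume Explorer has seen,
# optionally holding Shell\<verb>\command values that run when the drive is opened.
$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPoints2Commands {
    param([string]$Path = $MountPoints2)
    if (-not (Test-Path $Path)) { return }
    foreach ($vol in Get-ChildItem $Path -ErrorAction SilentlyContinue) {
        $shell = Join-Path $vol.PSPath 'Shell'
        if (-not (Test-Path $shell)) { continue }
        foreach ($verb in Get-ChildItem $shell -ErrorAction SilentlyContinue) {
            $cmdKey = Join-Path $verb.PSPath 'command'
            if (-not (Test-Path $cmdKey)) { continue }
            # The launch string is the key's (default) value, e.g. BOOTEX\thumbcache_131.exe
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            New-Object PSObject -Property @{
                Volume  = $vol.PSChildName
                Verb    = $verb.PSChildName
                Command = [string]$cmd
            }
        }
    }
}

function Test-SuspiciousMountPointCommand {
    param([string]$Command)
    if ([string]::IsNullOrEmpty($Command) -or $Command.Trim().Length -eq 0) { return $false }
    $c = $Command.Trim().Trim('"')
    # Heuristic (assumption): a legitimate autoplay handler lives under the
    # system or program directories. Anything else, in particular a relative
    # path (BOOTEX\x.exe, .////BOOTEX/x.exe) that resolves against the drive
    # being opened, or a path on another drive letter (G:\BOOTEX\x.exe), is flagged.
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    foreach ($t in $trusted) {
        if ($c.StartsWith($t, [System.StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    return $true
}

# Report in a layout close to OTL's O33 lines so it can be compared with the log.
Get-MountPoints2Commands | ForEach-Object {
    $flag = if (Test-SuspiciousMountPointCommand $_.Command) { 'SUSPICIOUS' } else { 'ok' }
    '{0,-10} MountPoints2\{1}\Shell\{2}\command = {3}' -f $flag, $_.Volume, $_.Verb, $_.Command
}
```

Run it in the account that shows the infection (MountPoints2 is per user, under HKCU) and repeat for any other account on the machine.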


#10 Underattacked09

  • Topic Starter
  • Members
  • 33 posts

Posted 06 December 2010 - 09:30 AM

Hi Syler,

I will post the result of the tests run tonight.

Thanks

#11 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 December 2010 - 01:39 PM

Ok :thumbup2:



#12 Underattacked09

  • Topic Starter
  • Members
  • 33 posts

Posted 07 December 2010 - 01:56 AM

Hi Syler,

Here is the result from the test run.

OTL - FIX LOG

OTL logfile created on: 12/6/2010 8:21:40 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\TL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 10.50 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 116.37 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Computer Name: LOFAMILY | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 21:10:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/02/05 14:00:56 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/07/13 14:01:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/14 03:44:16 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/11/11 17:50:15 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/10/14 12:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
PRC - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
PRC - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
PRC - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2004/01/06 22:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 08:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2008/12/25 08:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll
MOD - [2004/03/18 08:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (fsusbexservice)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (servicelayer)
SRV - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -- (IPSECMON)
SRV - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -- (IreIKE)
SRV - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (usbaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 18:28:23 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (saskutil)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum)
DRV - [2009/11/06 17:26:57 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/05 08:30:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/25 08:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/05 22:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 22:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 22:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 22:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 22:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 22:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 22:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 22:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 22:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 00:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/22 23:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IpSecDrv.sys -- (IPSECDRV)
DRV - [2004/07/30 13:20:44 | 000,000,136 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sig -- (Crypto)
DRV - [2004/07/14 08:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/29 08:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/10 12:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2004/03/03 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lhidusb.sys -- (LHidUsb)
DRV - [2004/03/03 08:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/09/05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/12/14 15:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hp4200c.sys -- (hp4200c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/03 21:00:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/04 18:02:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\SYSTEM32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 10:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 20:14:07 | 000,000,000 | ---D | C] -- C:\JavaRa
[2010/12/04 19:25:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dumps
[2010/12/04 18:01:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/04 17:54:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/12/03 20:33:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/03 20:27:50 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/12/02 20:50:22 | 000,000,000 | ---D | C] -- C:\gmer
[2010/11/21 16:07:42 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2010/11/21 14:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/20 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/11/20 21:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/20 17:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/20 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/18 16:17:34 | 015,459,304 | ---- | C] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/10 22:03:53 | 000,000,000 | ---D | C] -- C:\ATT U-VERSE
[2010/11/08 08:14:02 | 000,000,000 | ---D | C] -- C:\FLV
[2010/11/08 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\My Documents\Any DVD Converter Professional
[2010/11/08 08:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\Application Data\AnvSoft
[2009/11/06 17:38:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[1979/12/31 21:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/12/06 20:18:22 | 000,206,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/06 20:18:11 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/06 20:17:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/06 20:17:51 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 20:12:41 | 000,205,540 | ---- | M] () -- C:\JavaRa.zip
[2010/12/06 19:58:53 | 101,171,292 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/06 19:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/04 18:02:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/12/04 17:52:02 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe
[2010/12/03 21:00:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 17:20:50 | 000,288,107 | ---- | M] () -- C:\gmer.zip
[2010/12/02 17:17:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/11/21 18:21:50 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 16:07:23 | 001,836,413 | ---- | M] () -- C:\ProcessExplorer.zip
[2010/11/21 10:48:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 16:18:23 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/18 16:18:23 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\DVDFab 8.lnk
[2010/11/18 16:17:34 | 015,459,304 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/11/07 08:51:59 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2010/11/07 08:51:59 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[2010/11/07 08:51:59 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2010/11/07 08:51:59 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2010/11/07 06:07:53 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 06:07:53 | 000,066,656 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

========== Files Created - No Company Name ==========

[2010/12/06 20:12:47 | 000,205,540 | ---- | C] () -- C:\JavaRa.zip
[2010/12/04 17:52:22 | 000,132,597 | ---- | C] () -- C:\Flash_Disinfector.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:50:22 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/12/02 20:50:13 | 000,288,107 | ---- | C] () -- C:\gmer.zip
[2010/12/02 20:50:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/11/21 21:29:04 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 21:21:46 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 16:07:08 | 001,836,413 | ---- | C] () -- C:\ProcessExplorer.zip
[2010/02/01 20:27:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2009/11/06 17:38:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2009/11/06 17:38:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2009/11/06 17:38:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2009/11/06 17:38:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.log
[2009/07/05 08:57:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/05 08:57:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/05 08:57:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\$_hpcst$.hpc
[2009/04/26 06:03:42 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 08:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 08:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/25 08:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 08:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/04 09:37:18 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2007/08/04 09:31:33 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2007/08/04 09:31:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2007/08/04 09:31:19 | 000,005,106 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2007/08/04 09:31:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/03/28 19:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 22:15:31 | 000,000,019 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2006/12/23 21:25:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/28 19:30:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/11/27 22:26:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/11/27 22:26:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/11/27 22:26:09 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/09/16 09:58:52 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\FixVTS.ini
[2006/04/15 11:09:07 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/26 14:43:23 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_1.IFO
[2006/03/26 14:43:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_0.IFO
[2006/02/16 20:58:12 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_1.IFO
[2006/02/16 20:58:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_0.IFO
[2006/02/16 19:58:03 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2005/12/18 14:56:28 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_1.IFO
[2005/12/18 14:56:28 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_0.IFO
[2005/10/09 13:17:00 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_2.IFO
[2005/10/09 13:17:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_3.IFO
[2005/10/09 13:17:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_1.IFO
[2005/10/09 13:17:00 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_0.IFO
[2005/10/05 19:34:52 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_1.IFO
[2005/10/05 19:34:52 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_2.IFO
[2005/10/05 19:34:52 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_0.IFO
[2005/10/05 19:09:53 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_1.IFO
[2005/10/05 19:09:53 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_2.IFO
[2005/10/05 19:09:53 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_0.IFO
[2005/10/05 10:56:05 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_2.IFO
[2005/10/05 10:56:05 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_3.IFO
[2005/10/05 10:56:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_1.IFO
[2005/10/05 10:56:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_0.IFO
[2005/09/30 19:44:41 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_1.IFO
[2005/09/30 19:44:41 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_2.IFO
[2005/09/30 19:44:41 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_3.IFO
[2005/09/30 19:44:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_0.IFO
[2005/09/21 19:41:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/20 17:30:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2005/09/20 16:06:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2005/09/20 06:35:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/20 06:35:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/20 06:35:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/04 12:39:24 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/02 22:08:19 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/24 08:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/07/31 15:39:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/07/25 06:19:53 | 000,001,053 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/07/24 05:36:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_6.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_5.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_4.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_3.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_2.IFO
[2005/07/12 20:28:59 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_1.IFO
[2005/07/12 20:28:59 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_0.IFO
[2005/07/12 19:38:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_1.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_6.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_5.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_4.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_3.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_2.IFO
[2005/07/12 19:38:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_0.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_6.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_5.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_4.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_3.IFO
[2005/07/12 19:37:15 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_1.IFO
[2005/07/12 19:37:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_0.IFO
[2005/07/12 19:37:15 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_2.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_6.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_5.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_4.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_3.IFO
[2005/07/12 19:35:40 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_1.IFO
[2005/07/12 19:35:40 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_0.IFO
[2005/07/12 19:35:40 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_2.IFO
[2005/07/12 18:45:23 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_6.IFO
[2005/07/12 18:45:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_1.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_5.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_4.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_3.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_2.IFO
[2005/07/12 18:45:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_0.IFO
[2005/07/10 17:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/06/29 19:02:09 | 000,000,137 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/06/29 18:58:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/06/27 20:25:32 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\fusioncache.dat
[2005/06/27 08:33:03 | 000,001,441 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/26 21:43:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/06/26 20:53:01 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/26 20:43:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/26 20:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/06/26 20:35:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2005/04/12 16:53:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/12 16:51:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/12 16:21:06 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 05:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 10:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 10:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1997/09/12 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/12/31 21:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Custom Scans ==========


< :OTL >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found >

< >

< >

< >

< End of report >

OTL LOG

OTL logfile created on: 12/6/2010 8:26:18 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\TL\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 10.50 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 116.37 Gb Free Space | 24.99% Space Free | Partition Type: NTFS

Computer Name: LOFAMILY | User Name: TL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/03 21:10:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 13:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009/02/05 14:00:56 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2007/07/13 14:01:40 | 000,169,264 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/11/11 17:50:15 | 000,212,992 | ---- | M] (Ahead Software) -- C:\Program Files\Nero\data\Xtras\mssysmgr.exe
PRC - [2004/10/14 12:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/08/11 13:22:52 | 000,065,588 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
PRC - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
PRC - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
PRC - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004/03/18 08:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


========== Modules (SafeList) ==========

MOD - [2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/25 08:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\SYSTEM32\nview.dll
MOD - [2008/12/25 08:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvwddi.dll
MOD - [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2004/03/18 08:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/05/01 13:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/05 08:30:06 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExService.Exe -- (fsusbexservice)
SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (servicelayer)
SRV - [2007/07/13 14:02:32 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/11 13:22:46 | 000,057,398 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -- (IPSECMON)
SRV - [2004/08/11 13:22:44 | 000,319,538 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -- (IreIKE)
SRV - [2004/06/29 08:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (usbaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/26 18:28:23 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (saskutil)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 06:53:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum)
DRV - [2009/11/06 17:26:57 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd43llh.sys -- (dvd43llh)
DRV - [2009/02/05 08:30:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/12/25 08:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/12/05 22:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/05 22:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/05 22:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/05 22:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/05 22:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/05 22:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/05 22:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/05 22:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/05 22:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 00:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/22 23:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/11 12:01:40 | 000,119,864 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IpSecDrv.sys -- (IPSECDRV)
DRV - [2004/07/30 13:20:44 | 000,000,136 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sig -- (Crypto)
DRV - [2004/07/14 08:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 08:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/29 08:17:16 | 000,477,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/10 12:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2004/03/03 08:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lhidusb.sys -- (LHidUsb)
DRV - [2004/03/03 08:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/09/05 14:35:02 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2002/11/08 10:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/12/14 15:26:06 | 000,036,188 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/02/18 10:09:56 | 000,009,312 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hp4200c.sys -- (hp4200c)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/03 21:00:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/12/04 18:02:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [hplampc] C:\WINDOWS\SYSTEM32\hplampc.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk = C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\TL\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264404150781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264404043796 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\TL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 10:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/12/04 17:54:12 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/06 20:14:07 | 000,000,000 | ---D | C] -- C:\JavaRa
[2010/12/04 19:25:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dumps
[2010/12/04 18:01:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/04 17:54:12 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/12/03 20:33:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/03 20:27:50 | 001,344,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/12/02 20:50:22 | 000,000,000 | ---D | C] -- C:\gmer
[2010/11/21 16:07:42 | 000,000,000 | ---D | C] -- C:\ProcessExplorer
[2010/11/21 14:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/11/20 21:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/11/20 21:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/20 17:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/11/20 13:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/20 13:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/18 16:17:34 | 015,459,304 | ---- | C] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/10 22:03:53 | 000,000,000 | ---D | C] -- C:\ATT U-VERSE
[2010/11/08 08:14:02 | 000,000,000 | ---D | C] -- C:\FLV
[2010/11/08 08:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\My Documents\Any DVD Converter Professional
[2010/11/08 08:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TL\Application Data\AnvSoft
[2009/11/06 17:38:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[1979/12/31 21:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/12/06 20:18:22 | 000,206,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/06 20:18:11 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/06 20:17:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/06 20:17:51 | 3219,296,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/06 20:12:41 | 000,205,540 | ---- | M] () -- C:\JavaRa.zip
[2010/12/06 19:58:53 | 101,171,292 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/06 19:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/04 18:02:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2010/12/04 17:52:02 | 000,132,597 | ---- | M] () -- C:\Flash_Disinfector.exe
[2010/12/03 21:00:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/12/03 08:43:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\TL\Desktop\OTL.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 17:20:50 | 000,288,107 | ---- | M] () -- C:\gmer.zip
[2010/12/02 17:17:34 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/12/02 12:29:14 | 001,344,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\TL\Desktop\TDSSKiller.exe
[2010/11/21 18:21:50 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 16:07:23 | 001,836,413 | ---- | M] () -- C:\ProcessExplorer.zip
[2010/11/21 10:48:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/18 16:18:23 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/11/18 16:18:23 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\DVDFab 8.lnk
[2010/11/18 16:17:34 | 015,459,304 | ---- | M] (Fengtao Software Inc. ) -- C:\DVDFab8050.exe
[2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/11/07 08:51:59 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2010/11/07 08:51:59 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\TL\Application Data\pcouffin.sys
[2010/11/07 08:51:59 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2010/11/07 08:51:59 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2010/11/07 06:07:53 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/11/07 06:07:53 | 000,066,656 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

========== Files Created - No Company Name ==========

[2010/12/06 20:12:47 | 000,205,540 | ---- | C] () -- C:\JavaRa.zip
[2010/12/04 17:52:22 | 000,132,597 | ---- | C] () -- C:\Flash_Disinfector.exe
[2010/12/02 20:51:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\TL\defogger_reenable
[2010/12/02 20:50:22 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\gmer.exe
[2010/12/02 20:50:13 | 000,288,107 | ---- | C] () -- C:\gmer.zip
[2010/12/02 20:50:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\Defogger.exe
[2010/11/21 21:29:04 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\TL\Desktop\dds.scr
[2010/11/21 21:21:46 | 3219,296,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/21 16:07:08 | 001,836,413 | ---- | C] () -- C:\ProcessExplorer.zip
[2010/02/01 20:27:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2009/11/06 17:38:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\inst.exe
[2009/11/06 17:38:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.cat
[2009/11/06 17:38:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.inf
[2009/11/06 17:38:40 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\pcouffin.log
[2009/07/05 08:57:25 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/07/05 08:57:25 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/07/05 08:57:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\$_hpcst$.hpc
[2009/04/26 06:03:42 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/25 08:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/25 08:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/25 08:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/25 08:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/08/04 09:37:18 | 000,000,273 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2007/08/04 09:31:33 | 000,000,301 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2007/08/04 09:31:33 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2007/08/04 09:31:19 | 000,005,106 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2007/08/04 09:31:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2007/03/28 19:16:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/09 22:15:31 | 000,000,019 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2006/12/23 21:25:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/28 19:30:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2006/11/27 22:26:36 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2006/11/27 22:26:36 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/11/27 22:26:09 | 000,015,047 | ---- | C] () -- C:\WINDOWS\HPSETUP.INI
[2006/09/16 09:58:52 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\FixVTS.ini
[2006/04/15 11:09:07 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/26 14:43:23 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_1.IFO
[2006/03/26 14:43:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000A18_VTS_0.IFO
[2006/02/16 20:58:12 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_1.IFO
[2006/02/16 20:58:12 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000DE0_VTS_0.IFO
[2006/02/16 19:58:03 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2005/12/18 14:56:28 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_1.IFO
[2005/12/18 14:56:28 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000144_VTS_0.IFO
[2005/10/09 13:17:00 | 000,088,064 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_2.IFO
[2005/10/09 13:17:00 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_3.IFO
[2005/10/09 13:17:00 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_1.IFO
[2005/10/09 13:17:00 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000458_VTS_0.IFO
[2005/10/05 19:34:52 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_1.IFO
[2005/10/05 19:34:52 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_2.IFO
[2005/10/05 19:34:52 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005D4_VTS_0.IFO
[2005/10/05 19:09:53 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_1.IFO
[2005/10/05 19:09:53 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_2.IFO
[2005/10/05 19:09:53 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E00_VTS_0.IFO
[2005/10/05 10:56:05 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_2.IFO
[2005/10/05 10:56:05 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_3.IFO
[2005/10/05 10:56:05 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_1.IFO
[2005/10/05 10:56:05 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\000005FC_VTS_0.IFO
[2005/09/30 19:44:41 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_1.IFO
[2005/09/30 19:44:41 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_2.IFO
[2005/09/30 19:44:41 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_3.IFO
[2005/09/30 19:44:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E58_VTS_0.IFO
[2005/09/21 19:41:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/20 17:30:35 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2005/09/20 16:06:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\TONKA_SR.INI
[2005/09/20 06:35:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/09/20 06:35:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/09/20 06:35:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/09/04 12:39:24 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/02 22:08:19 | 000,246,272 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/24 08:53:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/07/31 15:39:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/07/25 06:19:53 | 000,001,053 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/07/24 05:36:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_6.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_5.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_4.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_3.IFO
[2005/07/12 20:29:00 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_2.IFO
[2005/07/12 20:28:59 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_1.IFO
[2005/07/12 20:28:59 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000AE8_VTS_0.IFO
[2005/07/12 19:38:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_1.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_6.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_5.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_4.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_3.IFO
[2005/07/12 19:38:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_2.IFO
[2005/07/12 19:38:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000E40_VTS_0.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_6.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_5.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_4.IFO
[2005/07/12 19:37:16 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_3.IFO
[2005/07/12 19:37:15 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_1.IFO
[2005/07/12 19:37:15 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_0.IFO
[2005/07/12 19:37:15 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F44_VTS_2.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_6.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_5.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_4.IFO
[2005/07/12 19:35:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_3.IFO
[2005/07/12 19:35:40 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_1.IFO
[2005/07/12 19:35:40 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_0.IFO
[2005/07/12 19:35:40 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000684_VTS_2.IFO
[2005/07/12 18:45:23 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_6.IFO
[2005/07/12 18:45:22 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_1.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_5.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_4.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_3.IFO
[2005/07/12 18:45:22 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_2.IFO
[2005/07/12 18:45:21 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\TL\Application Data\00000F70_VTS_0.IFO
[2005/07/10 17:46:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/06/29 19:02:09 | 000,000,137 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005/06/29 18:58:51 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/06/27 20:25:32 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\TL\Local Settings\Application Data\fusioncache.dat
[2005/06/27 08:33:03 | 000,001,441 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/06/26 21:43:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005/06/26 20:53:01 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/26 20:43:39 | 000,000,214 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/26 20:39:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/06/26 20:35:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3g.DLL
[2005/04/12 16:53:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/12 16:51:34 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/12 16:21:06 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 05:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 10:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 10:03:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 02:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1997/09/12 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1997/09/12 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/12 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/12/31 21:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Custom Scans ==========


< :OTL >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe >

< O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found >

< O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found >

< >

< >

< >

< End of report >

ESET Scan Report

C:\_OTL\MovedFiles\12042010_180155\C_WINDOWS\SYSTEM32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined

Thanks
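The O33 entries in the OTL log above show the MountPoints2 shell verbs (AutoRun, open, explore) of two removable volumes pointing at BOOTEX\thumbcache_131.exe, with forward slashes, doubled separators and "." segments mixed in so that naive string matching misses them. The following is an added example, not part of this thread or of the OTL tool: a Python parser that reads O33 lines in the format OTL prints them, normalises those path tricks, and flags volumes whose shell verbs launch an executable. The sample input is the six O33 lines from the log above; the function and field names are my own.

```python
"""Flag OTL O33 (MountPoints2) entries whose shell verbs launch an executable.

Added example, not part of this thread or of the OTL tool. It reads O33
lines in the format OTL prints them and reports the autorun-worm pattern:
AutoRun/open/explore verbs on a removable volume pointing at an .exe,
often with slash tricks to evade naive string matching.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input: the six O33 lines from the OTL log in this thread.
SAMPLE_O33_LINES = r"""
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\AutoRun\command - "" = BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\explore\command - "" = BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{819c1a5b-ba2a-11dc-b4a3-001111ec85dc}\Shell\open\command - "" = .////BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\AutoRun\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\explore\command - "" = G:\BOOTEX\thumbcache_131.exe -- File not found
O33 - MountPoints2\{ec4b6af1-6350-11da-afbb-00038a000015}\Shell\open\command - "" = G:\.\\BOOTEX\thumbcache_131.exe -- File not found
"""

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]+\})\\Shell\\(\w+)\\command'
    r' - "" = (.*?)(?: -- (File not found))?$'
)

EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")


@dataclass
class MountPointCommand:
    volume_guid: str
    verb: str           # AutoRun, open or explore
    raw_command: str    # command exactly as OTL printed it
    target: str         # normalised path
    file_present: bool  # False when OTL appended "File not found"


def normalize_path(raw: str) -> str:
    """Undo forward slashes, doubled separators and '.' segments so that
    ".////BOOTEX/x.exe" and "BOOTEX\\x.exe" compare equal."""
    path = raw.strip().replace("/", "\\")
    path = re.sub(r"\\+", r"\\", path)          # collapse runs of backslashes
    parts = [p for p in path.split("\\") if p not in ("", ".")]
    return "\\".join(parts)


def parse_o33(line: str) -> Optional[MountPointCommand]:
    """Parse one O33 line; return None for anything that is not one."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    guid, verb, raw, missing = m.groups()
    return MountPointCommand(guid, verb, raw, normalize_path(raw), missing is None)


def audit_mountpoints(report_text: str) -> List[Dict]:
    """Group O33 entries per volume and flag volumes whose shell verbs launch
    an executable. "File not found" entries are still reported: the hook stays
    attached to that volume GUID and applies again if the same drive returns."""
    by_volume: Dict[str, List[MountPointCommand]] = {}
    for line in report_text.splitlines():
        entry = parse_o33(line)
        if entry is not None:
            by_volume.setdefault(entry.volume_guid, []).append(entry)

    findings = []
    for guid, entries in by_volume.items():
        launchers = [e for e in entries if e.target.lower().endswith(EXECUTABLE_EXT)]
        if not launchers:
            continue
        findings.append({
            "volume_guid": guid,
            "verbs": sorted(e.verb for e in launchers),
            "targets": sorted({e.target.lower() for e in launchers}),
            "basenames": sorted({e.target.split("\\")[-1].lower() for e in launchers}),
            "all_file_present": all(e.file_present for e in launchers),
        })
    return findings


def shared_payloads(findings: List[Dict]) -> Set[str]:
    """Executable names hooked on more than one volume: the same payload
    registered for several drives is the signature of a spreading autorun worm."""
    seen: Dict[str, int] = {}
    for f in findings:
        for name in f["basenames"]:
            seen[name] = seen.get(name, 0) + 1
    return {name for name, count in seen.items() if count > 1}


if __name__ == "__main__":
    found = audit_mountpoints(SAMPLE_O33_LINES)
    for finding in found:
        print(finding)
    print("payload hooked on more than one volume:", shared_payloads(found))
```

Run against the six lines above it reports two volumes, both hooking all three verbs to the same thumbcache_131.exe, which is exactly why the OTL fix in the thread removes the MountPoints2 keys rather than just the file.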

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:11 AM

Posted 09 December 2010 - 11:58 AM

Hi Underattacked09,

You need to run the OTL fix here, again. When you run OTL with the code in it, you need to click run FIX instead of run SCAN. Everything else looks fine to me now.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Congratulations! You now appear clean! :thumbsup:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in Windows to exploit your computer.
The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I cannot stress how important it is that you use a third party Firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows firewall is good for blocking inbound
connections but it does not block outbound connections. So if Malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls; you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system, unless you allow it to.
So you can be surfing the web inside Sandboxie, then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sandbox and all is gone. Having said that, it cannot be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here; if you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)

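The ESET line in the previous post reports a Win32/Qhost trojan in the hosts file, and the post above recommends the MVPS HOSTS file, which works by mapping unwanted names to a null route. Both are edits to the same file; the difference is what the entries point at and which names they touch. The following is an added example, not from this thread or the MVPS project: a Python audit that parses a hosts file, treats mappings to 0.0.0.0 or loopback as blocks, mappings to a routable address as redirects, and any override of a defender-configured protected name as a hijack. The PROTECTED_NAMES set, the *.example names and the 192.0.2.x address are constructed placeholders, not indicators from a real infection.

```python
"""Audit a Windows hosts file for Qhost-style tampering.

Added example, not from this thread or the MVPS project. It separates the
legitimate use of the hosts file (names sinkholed to 0.0.0.0 or loopback,
which is how the MVPS HOSTS file blocks ad servers) from the abuse the
ESET report in the thread calls Win32/Qhost: names the user relies on
redirected to another address, or security/update names pinned to
loopback so the machine can no longer reach them.
"""
import ipaddress
from typing import Dict, Iterable, List, Set

# Constructed sample. Addresses are from the RFC 5737 documentation range
# and the host names are placeholders, not indicators from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0   ads.tracker.example        # MVPS-style block entry
0.0.0.0   banners.adnetwork.example
192.0.2.10   www.shop.example        # a real name pointed at another host
127.0.0.1    www.antivirus-vendor.example
127.0.0.1    update.antivirus-vendor.example
"""

# Names a defender never wants overridden by the hosts file (constructed
# placeholders; in practice: your AV vendor, Windows Update, your bank).
PROTECTED_NAMES = {"antivirus-vendor.example", "updates.os-vendor.example"}


def parse_hosts(text: str) -> List[Dict]:
    """One record per (address, name) pair; comments and blank lines dropped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            records.append({"line": lineno, "address": fields[0], "name": name.lower()})
    return records


def _is_protected(name: str, protected: Set[str]) -> bool:
    return name in protected or any(name.endswith("." + p) for p in protected)


def classify(record: Dict, protected: Set[str]) -> str:
    """default   : the stock localhost entries
       block     : any other name sinkholed to 0.0.0.0 / loopback (ad blocking)
       redirect  : a name sent to a routable address
       hijack    : a protected name overridden at all, whatever the address
       malformed : address does not parse"""
    try:
        ip = ipaddress.ip_address(record["address"])
    except ValueError:
        return "malformed"
    name = record["name"]
    if name == "localhost" and ip.is_loopback:
        return "default"
    if _is_protected(name, protected):
        return "hijack"
    if ip.is_unspecified or ip.is_loopback:
        return "block"
    return "redirect"


def audit_hosts(text: str, protected: Iterable[str]) -> List[Dict]:
    """Every record with its verdict attached."""
    prot = {p.lower() for p in protected}
    return [dict(rec, verdict=classify(rec, prot)) for rec in parse_hosts(text)]


def suspicious(text: str, protected: Iterable[str]) -> List[Dict]:
    """Only the entries worth a human look: redirects and hijacks."""
    return [r for r in audit_hosts(text, protected) if r["verdict"] in ("redirect", "hijack")]


if __name__ == "__main__":
    for rec in suspicious(SAMPLE_HOSTS, PROTECTED_NAMES):
        print(f'line {rec["line"]}: {rec["address"]} -> {rec["name"]} [{rec["verdict"]}]')
```

The protected list is the part that does the real work: an MVPS-style file has thousands of null-routed names and is harmless, while a single loopback entry for an AV vendor's update host is what stops a scanner from updating. On a live machine the text would come from C:\WINDOWS\System32\drivers\etc\hosts, the path shown in the OTL log above.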


#14 Underattacked09

Underattacked09
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:11:11 PM

Posted 10 December 2010 - 11:38 AM

Hi Syler,

Thanks for your help. I will follow your advice. I believe you can go ahead and close this topic.

Thanks once again !!!!!

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:11 AM

Posted 10 December 2010 - 12:03 PM

You're very welcome :)

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
